MultiVendorX
MultiVendorX
Developer
4.2.37
Latest version
4,000
Installations
Nov 25, 2025
Last updated
Vulnerability history
0 present
22 fixed
12 Mitigation rules
- Broken Access Control vulnerability<= 4.2.23Jun 12, 2025
- Sensitive Data Exposure Vulnerability<= 4.2.22Jun 4, 2025
- Cross Site Scripting (XSS) Vulnerability<= 4.2.22May 19, 2025
- Missing Authorization to Unauthenticated Table Rates Deletion vulnerability<= 4.2.19Apr 4, 2025
- Unauthenticated Limited Local File Inclusion vulnerability<= 4.2.14Jan 31, 2025
- Cross Site Scripting (XSS) vulnerability<= 4.2.13Jan 24, 2025
- Cross-Site Request Forgery to Vendor Updates vulnerability<= 4.2.4Oct 23, 2024
- Missing Authorization to Forged Vendor Profile Deletion Email Sending vulnerability<= 4.2.4Oct 23, 2024
- Missing Authorization to Limited Vendor Privilege Escalation/Account Takeover vulnerability<= 4.2.0Sep 4, 2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 4.1.17Aug 9, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation Parameter vulnerability<= 4.1.11Jun 6, 2024
- Broken Access Control vulnerability<= 4.1.3Apr 5, 2024
- Cross Site Scripting (XSS) vulnerability<= 4.1.3Mar 28, 2024
- Broken Access Control vulnerability<= 4.0.25Jan 31, 2024
- Broken Access Control vulnerability<= 4.0.23Dec 26, 2023
- Unauthenticated Local File Inclusion (LFI) vulnerability<= 3.8.11.8Aug 15, 2022
- Reflected Cross-Site Scripting vulnerability<= 3.8.11.8Aug 15, 2022
- Unauthorized AJAX Calls Vulnerability<= 3.8.11.8Aug 15, 2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 3.8.4Dec 6, 2021
- Cross-Site Request Forgery (CSRF) vulnerability<= 3.7.3Jun 8, 2021
- Unauthenticated Arbitrary Product Comment Posting vulnerability<= 3.7.3May 26, 2021
- Cross-Site Request Forgery (CSRF) vulnerability<= 3.5.7Sep 16, 2020