[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$feW1pFrfWjWHJGkYFGNUAA3s88lgVYOGlrjzG1u_p6ws":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2024-8289","multivendorx-the-ultimate-woocommerce-multivendor-marketplace-solution-missing-authorization-to-arbitrary-vendor-deletio","MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution \u003C= 4.2.0 - Missing Authorization to Arbitrary Vendor Deletion","The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to arbitrary vendor user deletion due to an insufficient capability check on the delete_item_permissions_check function in all versions up to, and including, 4.2.0. This makes it possible for unauthenticated attackers to delete arbitrary users with the vendor role. This can be combined with CVE-2024-8289 to delete administrator accounts.","dc-woocommerce-multi-vendor",null,"\u003C=4.2.0","4.2.1","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:H\u002FA:N","Missing Authorization","2024-09-03 00:00:00","2024-09-03 20:10:35",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe55ff883-1796-4282-b005-26dfd154b11f?source=api-prod",1]