WordPress Plugin Vulnerabilities

Product Catalog Enquiry for WooCommerce by MultiVendorX < 5.0.6 - Cross-Site Request Forgery via REST API

Description

The Product Catalog Enquiry for WooCommerce by MultiVendorX plugin for WordPress is vulnerable to cross-site request forgery due to an improper capability check on the 'catalog_permission' function in versions up to, and including, 5.0.5. While the REST endpoints are only initialized for administrator users, the fact that the 'catalog_permission' returns true means that the REST route is treated as unauthenticated and thus does not require a REST nonce. This makes it possible for unauthenticated attackers to save enquiries.

Affects Plugins

Plugin icon
woocommerce-catalog-enquiry
Fixed in 5.0.6

References

CVE
CVE-2024-25929
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/7cb00342-64f9-4eeb-ba75-1c1544b11334

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
5009cd29-7fcd-4748-bf46-10666d7bfc80

Timeline

Publicly Published
2024-02-20 (about 2 years ago)
Added
2024-02-23 (about 2 years ago)
Last Updated
2024-02-23 (about 2 years ago)

Other

Published
Title
Published
2023-06-15
Title
Google XML Sitemap for Videos <= 2.6.1 - CSRF
Published
2025-12-19
Title
Quran Gateway <= 1.5 - Cross-Site Request Forgery to Settings Update
Published
2024-10-18
Title
WordPress Image SEO <= 1.1.4 - Cross-Site Request Forgery
Published
2025-05-30
Title
Real Time Validation for Gravity Forms <= 1.7.0 - Cross-Site Request Forgery
Published
2022-09-08
Title
3DPrint < 3.5.6.9 - CSRF to arbitrary file downlad