What is CVE-2025-0493 — LFI in MultiVendorX WooCommerce Plugin?

CVE-2025-0493 is a critical Local File Inclusion vulnerability in the MultiVendorX WooCommerce plugin, allowing attackers to include arbitrary PHP files and potentially execute code.

Am I affected by CVE-2025-0493 in MultiVendorX WooCommerce Plugin?

Yes, if you are using MultiVendorX versions 0.0.0 through 4.2.14, you are affected by this vulnerability.

How do I fix CVE-2025-0493 in MultiVendorX WooCommerce Plugin?

Upgrade the MultiVendorX plugin to version 4.2.15 or later to resolve the vulnerability. Consider temporary workarounds if immediate upgrade is not possible.

Is CVE-2025-0493 being actively exploited?

While no widespread exploitation has been confirmed, the vulnerability's ease of exploitation suggests a high probability of future attacks.

Where can I find the official MultiVendorX advisory for CVE-2025-0493?

Refer to the MultiVendorX plugin documentation and website for the official advisory and update information.

CVE-2025-0493 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2025-0493 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• wordpress / composer / npm:

grep -r 'tabname' /var/www/html/wp-content/plugins/multivendorx/

• wordpress / composer / npm:

wp plugin list | grep multivendorx

• wordpress / composer / npm:

curl -I http://your-wordpress-site.com/wp-content/plugins/multivendorx/includes/tabname.php | head -n 1

• generic web: Check WordPress access logs for requests containing tabname=../ or similar path traversal attempts.

MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.14 - Inclusão Local de Arquivo Limitada Não Autenticada

Impacto e Cenários de Ataquetraduzindo…

Contexto de Exploraçãotraduzindo…

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativastraduzindo…

Como corrigir

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2025-0493 — LFI in MultiVendorX WooCommerce Plugin?

Am I affected by CVE-2025-0493 in MultiVendorX WooCommerce Plugin?

How do I fix CVE-2025-0493 in MultiVendorX WooCommerce Plugin?

Is CVE-2025-0493 being actively exploited?

Where can I find the official MultiVendorX advisory for CVE-2025-0493?

Informações do pacote

Seu projeto está afetado?

Detecte esta CVE no seu projeto