PatchSiren

wcmp CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM wcmp CVE published 2026-07-16

CVE-2026-12941

The MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions plugin for WordPress is vulnerable to SQL Injection via the 'order_by' parameter. This allows authenticated attackers with subscriber-level access to append SQL queries, potentially extracting sensitive database information. The vulnerability has a CVSS score of 6.5 and is considered medium severity. The default store approval set [truncated]