MEDIUM
wcmp
CVE published 2026-07-16
CVE-2026-12941
The MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions plugin for WordPress is vulnerable to SQL Injection via the 'order_by' parameter. This allows authenticated attackers with subscriber-level access to append SQL queries, potentially extracting sensitive database information. The vulnerability has a CVSS score of 6.5 and is considered medium severity. The default store approval set [truncated]