What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Retrieve Embedded Sensitive Data.This issue affects MultiVendorX: from n/a through <= 4.2.22.
Explanation of Vulnerability in Simple Terms
02Summary
MultiVendorX versions 4.2.22 and earlier contain an information disclosure vulnerability accessible over the network without authentication. An attacker can read sensitive data from the application. The vulnerability requires no user interaction and affects confidentiality but not integrity or availability. Update to a version newer than 4.2.22.
What an attacker can do
03Attacker Capabilities
Read sensitive information from the application without logging in.
Potential impact on your site
04Site Impact
Sensitive data may be exposed to unauthenticated attackers, potentially including user information or system details.
Conditions required to exploit
05Prerequisites
Network access to the MultiVendorX installation. No authentication or user interaction required.
Key dates
06Disclosure timeline
June 9, 2025
CVE published
April 29, 2026
Record updated