CVE-2025-4101

Name of the Vulnerable Software and Affected Versions: MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress versions prior to 4.2.22

Description: The issue allows authenticated attackers with Contributor-level access and above to delete arbitrary posts, pages, attachments, and products due to a misconfigured capability check on the delete fpm product function.

Recommendations: For versions prior to 4.2.22, update to a version that fully patches the vulnerability, as version 4.2.22 only partially addresses the issue. As a temporary workaround, consider restricting access to the delete fpm product function until a fully patched version is available.