MultiLoca WooCommerce Multi Locations Inventory Management Missing Authorization Vulnerability Privilege Escalation

Vulnerability

A vulnerability in the MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress, present in all versions up to and including 4.2.8, allows unauthorized data modification that can lead to privilege escalation. The issue arises from a missing capability check in the 'wcmlim_settings_ajax_handler' function: the handler writes the values it receives into the WordPress options table without verifying that the caller is allowed to change site settings, so an unauthenticated attacker can update arbitrary options. Because the default role assigned to newly registered users is itself stored as an option, an attacker can set it to administrator and then register an account that is created with full administrative rights.
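To make the failure concrete, the following is an added example written for this page, not code taken from the plugin: a hypothetical reconstruction of an admin-ajax settings handler that lacks the capability check, next to a hardened version. Only the handler name wcmlim_settings_ajax_handler, the WordPress option default_role and the role administrator come from the advisory; the AJAX action name, the plugin option names and their sanitizers are assumptions.

```php
<?php
// Added example, not the plugin's own code. Everything except
// wcmlim_settings_ajax_handler, default_role and administrator is assumed.

// ---- Vulnerable pattern (hypothetical) ----------------------------------
// Hooked for logged-in AND logged-out (nopriv) requests, and the callback
// trusts every key/value pair it is sent. An unauthenticated request such as
//   POST /wp-admin/admin-ajax.php
//   action=wcmlim_settings&settings[default_role]=administrator
// rewrites the 'default_role' option, so the next self-registered account
// is created as an administrator.
function wcmlim_settings_ajax_handler_vulnerable() {
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    foreach ( $settings as $name => $value ) {
        update_option( $name, $value ); // arbitrary option write, no authorization
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_wcmlim_settings',        'wcmlim_settings_ajax_handler_vulnerable' );
add_action( 'wp_ajax_nopriv_wcmlim_settings', 'wcmlim_settings_ajax_handler_vulnerable' );

// ---- Hardened pattern ---------------------------------------------------
// 1. Registered only for logged-in users (no wp_ajax_nopriv_ hook).
// 2. Nonce check, so an authenticated admin's browser cannot be made to
//    submit the request cross-site.
// 3. Capability check: manage_options is what WordPress core itself requires
//    for editing site options.
// 4. Allowlist with per-option sanitizers, so core options such as
//    default_role, users_can_register or siteurl are never reachable here.
const WCMLIM_ALLOWED_OPTIONS = array( // option name => sanitizer (assumed names)
    'wcmlim_default_location' => 'absint',
    'wcmlim_show_stock'       => 'rest_sanitize_boolean',
);

function wcmlim_settings_ajax_handler_hardened() {
    check_ajax_referer( 'wcmlim_settings', 'nonce' );   // terminates on failure
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );       // terminates
    }
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    foreach ( $settings as $name => $value ) {
        if ( ! array_key_exists( $name, WCMLIM_ALLOWED_OPTIONS ) ) {
            wp_send_json_error( 'unknown option', 400 ); // terminates
        }
        $clean = call_user_func( WCMLIM_ALLOWED_OPTIONS[ $name ], $value );
        update_option( $name, $clean );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_wcmlim_settings', 'wcmlim_settings_ajax_handler_hardened' );
```

Two points worth noting. The fix is not only the capability check: a handler that checks manage_options but still accepts any option name remains a way for a compromised or low-privilege admin session to touch core settings, which is why the hardened version restricts writes to an explicit allowlist. And in stock WordPress, changing default_role only pays off if self-registration is enabled (the users_can_register option); an attacker who can write arbitrary options can of course enable that as well, so a clean default_role on its own is not proof the site was untouched.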

Impact

Exploitation of this vulnerability could result in unauthorized administrative access on the affected WordPress site. Since the handler accepts arbitrary option names, an attacker is not limited to the default-role change described above and can alter other site settings stored in the options table.

Remediation

Users are advised to update the plugin to version 4.2.9 or a newer patched version. Because the flaw allows arbitrary option writes, a site that ran an affected version while reachable from the internet should also confirm that the default role for new users (Settings > General, the default_role option) is still the intended value, that open registration (the users_can_register option) was not switched on, and that no unexpected administrator accounts were created during the exposure window.

Added: Sep 24, 2025, 12:17 PM
Updated: Sep 24, 2025, 9:55 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 5.0
exploitability: 7.6
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.