CVE-2026-12941 | wcmp MultiVendorX Plugin up to 5.0.9 on WordPress transactions endpoint order_by sql injection (EUVD-2026-44860)

SecurityVulns

A vulnerability labeled as critical has been found in wcmp MultiVendorX Plugin up to 5.0.9 on WordPress. The impacted element is an unknown function of the component transactions endpoint. The manipulation of the argument order_by results in sql injection.

This vulnerability is reported as CVE-2026-12941. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More