CVE-2026-54838

Rymera · WC Vendors Marketplace

A SQL injection vulnerability in the WC Vendors Marketplace plugin allows authenticated subscribers to execute arbitrary database queries.

Executive summary

The WC Vendors Marketplace plugin is affected by an authenticated SQL injection vulnerability that risks the confidentiality and integrity of the marketplace database.

Vulnerability

This vulnerability is triggered by inadequate input validation within the plugin's code, allowing an authenticated subscriber to inject malicious SQL commands. This flaw permits unauthorized interactions with the database layer of the marketplace.

Business impact

Exploitation of this vulnerability allows attackers to access, alter, or destroy sensitive marketplace data, including vendor information and transaction records. A CVSS score of 8.5 highlights the severe risk to business continuity and data privacy for organizations utilizing this e-commerce solution.

Remediation

Immediate Action: Apply the latest security patches provided by Rymera for the WC Vendors Marketplace plugin.

Proactive Monitoring: Review database logs for suspicious SQL syntax or abnormal query execution times that may indicate an ongoing attack.

Compensating Controls: Deploy a Web Application Firewall (WAF) configured to detect and block common SQL injection patterns targeting WordPress plugin endpoints.
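The log review described under Proactive Monitoring, sketched as an added example (not part of the original advisory and not Rymera's code): it parses MySQL slow-query-log entries and flags statements that carry common injection signatures or exceed a query-time threshold. The sample log, the placeholder table `wp_example_table`, the signature list and the 2-second threshold are all assumptions.

```python
import re

# Constructed sample in MySQL slow-query-log format; wp_example_table is a placeholder.
SAMPLE_LOG = """\
# Time: 2026-01-10T09:14:02.118201Z
# User@Host: wp_user[wp_user] @ localhost []  Id:    41
# Query_time: 0.004210  Lock_time: 0.000101 Rows_sent: 10  Rows_examined: 120
SET timestamp=1768036442;
SELECT ID, post_title FROM wp_posts WHERE post_type = 'product' LIMIT 10;
# Time: 2026-01-10T09:15:31.902877Z
# User@Host: wp_user[wp_user] @ localhost []  Id:    44
# Query_time: 5.003112  Lock_time: 0.000090 Rows_sent: 0  Rows_examined: 1
SET timestamp=1768036531;
SELECT * FROM wp_example_table WHERE id = 1 AND SLEEP(5);
# Time: 2026-01-10T09:15:40.000412Z
# User@Host: wp_user[wp_user] @ localhost []  Id:    44
# Query_time: 0.012900  Lock_time: 0.000095 Rows_sent: 64  Rows_examined: 64
SET timestamp=1768036540;
SELECT name FROM wp_example_table WHERE id = 0 UNION SELECT table_name FROM information_schema.tables;
"""
# Signatures often present in injected SQL (assumed list; tune to the site's normal queries).
SUSPICIOUS = {
    "time_delay": re.compile(r"\b(sleep|benchmark)\s*\(", re.I),
    "union_select": re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),
    "schema_probe": re.compile(r"\binformation_schema\b", re.I),
}
QUERY_TIME = re.compile(r"^# Query_time:\s*([\d.]+)", re.M)

def parse_entries(log_text):
    """Yield (timestamp, query_time_seconds, statement) for each log entry."""
    for chunk in re.split(r"(?m)^(?=# Time:)", log_text):
        m = QUERY_TIME.search(chunk)
        if not m:
            continue  # empty leading chunk or a non-entry header
        lines = chunk.splitlines()
        ts = lines[0].split(":", 1)[1].strip()
        sql = " ".join(l.strip() for l in lines
                       if l.strip() and not l.startswith(("#", "SET timestamp", "use ")))
        yield ts, float(m.group(1)), sql

def review(log_text, slow_threshold=2.0):
    """Return entries that match a signature or run at least slow_threshold seconds."""
    findings = []
    for ts, secs, sql in parse_entries(log_text):
        reasons = [name for name, rx in SUSPICIOUS.items() if rx.search(sql)]
        if secs >= slow_threshold:
            reasons.append("slow_query")
        if reasons:
            findings.append({"time": ts, "query_time": secs, "reasons": reasons, "sql": sql})
    return findings
```

Fast statements only reach the slow log when `long_query_time` is set low enough; the sample assumes it is 0. Treat each finding as a lead to correlate with web access logs and subscriber account activity, not as proof of exploitation.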

Exploitation status

Public Exploit Available: false

Analyst recommendation

Administrators must prioritize updating the plugin to the latest patched version to remediate this vulnerability. Given that the exploit requires authenticated subscriber access, organizations should also review their user registration settings and monitor for suspicious new account activity.