Techspawn Multiloca vulnerabilities
2 known vulnerabilities affecting techspawn/multiloca.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-13341P3MEDIUMCVSS 6.5fixed in 4.1.122025-02-01
CVE-2024-13341 [MEDIUM] CWE-89 CVE-2024-13341: The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable
The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to SQL Injection via the 'data-id' parameter in all versions up to, and including, 4.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated
nvd
CVE-2026-39546HIGHCVSS 7.6≥ n/a, ≤ 4.2.152026-06-17
CVE-2026-39546 [HIGH] CWE-266 WordPress MultiLoca plugin <= 4.2.15 - Privilege Escalation vulnerability
WordPress MultiLoca plugin <= 4.2.15 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
cvelistv5