CVE-2025-10048

The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 3.6.31 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

EUVD-2025-33816

The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 3.6.31 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2025-10048

The CVE-2025-10048 entry concerns the WordPress plugin My auctions allegro (versions up to and including 3.6.31). It is vulnerable to SQL Injection via the order parameter due to insufficient escaping and inadequate query preparation, enabling an authenticated attacker with Administrator+ privile...

PT-2025-41641

Name of the Vulnerable Software and Affected Versions My auctions allegro plugin for WordPress versions through 3.6.31 Description The software contains a SQL Injection issue due to insufficient escaping of the order parameter and inadequate preparation of the SQL query. This allows authenticated...

WordPress My Auctions Allegro plugin <= 3.6.31 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by tmrswrr in WordPress Plugin My auctions allegro versions = 3.6.31...

EUVD-2025-12367

Malicious code in bioql PyPI...