CVE-2026-22464

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows PHP Local File Inclusion.This issue affects My auctions allegro: from n/a through = 3.6.33...

CVE-2026-22464

CVE-2026-22464 applies to the WordPress plugin My Auctions Allegro Free Edition (≤ 3.6.33). The issue is a PHP Local File Inclusion caused by improper control of the filename in Include/Require statements, enabling LFI within the affected plugin. Public references in connected sources confirm aff...

WordPress plugin My Auctions Allegro has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress My auctions allegro plugin <= 3.6.33 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by theviper17 in WordPress Plugin My auctions allegro versions = 3.6.33...

WordPress My auctions allegro plugin <= 3.6.33 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin My auctions allegro versions = 3.6.33...

WordPress My auctions allegro plugin <= 3.6.34 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin My auctions allegro versions = 3.6.34...

WordPress My auctions allegro plugin <= 3.6.32 - Unauthenticated Local File Inclusion via controller vulnerability

Unauthenticated Local File Inclusion via controller vulnerability discovered by type5afe in WordPress Plugin My auctions allegro versions = 3.6.32...