6 matches found
CVE-2025-68084
CVE-2025-68084 relates to the WordPress plugin “Ultimate Auction” (ultimate-auction). Connected sources confirm a Missing Authorization / Broken Access Control vulnerability affecting Ultimate Auction versions up to 4.3.2. The CVE entry is present in multiple feeds and the Wordfence vulnerability...
CVE-2025-66125 WordPress Ultimate Auction plugin <= 4.3.3 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ultimate-auction allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Auction : from n/a through = 4.3.3...
CVE-2025-66125
CVE-2025-66125 affects the Ultimate WordPress Auction Plugin (
WordPress Ultimate Auction plugin <= 4.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Ultimate Auction versions = 4.3.2...
WordPress Ultimate Auction Plugin <= 4.2.67 is vulnerable to Broken Access Control
Software Ultimate Auction Type Plugin Vulnerable versions = 4.2.67 Fixed in 4.2.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6591 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 97fe9efdff7a Credits Lucio Sá Required...
WordPress Ultimate Auction Plugin <= 4.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Ultimate Auction Type Plugin Vulnerable versions = 4.2.5 Fixed in 4.2.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37543 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ed8502cd34a3 Credits Majed Refaea...