6 matches found
CVE-2025-12850
The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auctionid’ parameter in all versions up to, and including, 3.6.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
CVE-2025-12850
The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auctionid’ parameter in all versions up to, and including, 3.6.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
CVE-2025-12850 My auctions allegro <= 3.6.32 - Unauthenticated SQL Injection via auction_id
The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auctionid’ parameter in all versions up to, and including, 3.6.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
CVE-2025-12850
CVE-2025-12850 concerns the WordPress plugin “My auctions allegro”. It affects all versions up to and including 3.6.32 and enables a malicious actor to exploit an unauthenticated SQL Injection via the auction_id parameter. The root cause is insufficient escaping of user input and lack of proper q...
PT-2025-49230
Name of the Vulnerable Software and Affected Versions My auctions allegro plugin for WordPress versions through 3.6.32 Description The My auctions allegro plugin for WordPress is susceptible to SQL Injection via the auction id parameter. Insufficient escaping of user-supplied input and a lack of...
CVE-2025-4204
The Ultimate Auction Pro plugin for WordPress is vulnerable to SQL Injection via the ‘auctionid’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...