CVE-2024-6591 Ultimate WordPress Auction Plugin <= 4.2.7 - Missing Authorization to Unauthenticated Email Creation
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the 'sendauctionemailcallback' and 'resendauctionemailcallback' functions in all versions up to, and including, 4.2.7. This makes it possible fo...