39 matches found
CVE-2024-8857
CVE-2024-8857 affects WordPress Auction Plugin (WordPress Auction Plugin) up to version 3.7. The issue is Stored Cross-Site Scripting (XSS) via unsanitized/unchecked plugin settings, allowing an Editor+ (high-privilege) user to inject scripts. Multiple connected sources corroborate the vulnerabil...
PT-2025-3704 · WordPress · Wordpress Auction Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Auction Plugin versions 3.7 and earlier Description: The issue allows editors and above to perform SQL injection attacks due to the plugin not sanitizing and escaping a parameter before using it in a SQL statement. Recommendations:...
WordPress plugin WordPress Auction Plugin 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2025-3705 · WordPress · Wordpress Auction Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Auction Plugin versions 3.7 and earlier Description: The issue allows high privilege users, such as editors, to perform Stored Cross-Site Scripting attacks due to the plugin not sanitizing and escaping some of its settings...
WordPress WordPress Auction Plugin plugin <= 3.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin WordPress Auction Plugin versions = 3.7...
CVE-2024-54207
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows Stored XSS.This issue affects WordPress Auction Plugin: from n/a through = 3.7...
CVE-2024-54207 WordPress WordPress Auction Plugin plugin <= 3.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows Stored XSS.This issue affects WordPress Auction Plugin: from n/a through = 3.7...
CVE-2024-54207
CVE-2024-54207 describes an Stored XSS in the WordPress Auction Plugin (WordPress Auction Plugin) versions up to and including 3.7, caused by improper input neutralization during web page generation. Public references in the provided documents confirm the existence of this XSS vulnerability and i...
CVE-2024-51615 WordPress WordPress Auction Plugin plugin <= 3.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through = 3.7...
CVE-2024-51615 WordPress WordPress Auction Plugin plugin <= 3.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through = 3.7...
CVE-2024-51615
CVE-2024-51615 is an unauthenticated SQL injection in WordPress Auction Plugin (WP Auctions) 3.7). Patch status in reported records is unpatched.
WordPress plugin WordPress Auction Plugin 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-34758 · WordPress · Wordpress Auction Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Auction Plugin versions n/a through 3.7 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
WordPress WordPress Auction Plugin plugin <= 3.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin WordPress Auction Plugin versions = 3.7...
WordPress WordPress Auction Plugin plugin <= 3.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin WordPress Auction Plugin versions = 3.7...
PT-2024-37743 · WordPress · The Ultimate Wordpress Auction Plugin
Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Auction Plugin versions prior to 4.2.7 Description: The issue allows unauthorized email creation and sending due to a missing capability check on the send auction email callback and resend auction email callback...
Ultimate WordPress Auction 1.0 Cross Site Request Forgery
============================================================= \ \ / / | | / \ / | | \ \ V / | | | | | | | | | / \ | ' \ | | | | | | | | | | | | '| | / / . \ | | | | | | || | | | | | | | | | // \ | ./ || / || || |/ || | | || blackpentesters.blogspot.com...
WordPress Plugin Ultimate WordPress Auction Plugin 1.0 - Cross-Site Request Forgery
WordPress Plugin Ultimate WordPress Auction Plugin 1.0 - Cross-Site Request Forgery ============================================================= \ \ / / | | / \ / | | \ \ V / | | | | | | | | | / \ | ' \ | | | | | | | | | | | | '| | / / . \ | | | | | | || | | | | | | | | | // \ | ./ || / || ||...
WordPress Plugin Ultimate WordPress Auction Plugin 1.0 - Cross-Site Request Forgery
============================================================= \ \ / / | | / \ / | | \ \ V / | | | | | | | | | / \ | ' \ | | | | | | | | | | | | '| | / / . \ | | | | | | || | | | | | | | | | // \ | ./ || / || || |/ || | | || blackpentesters.blogspot.com...