Ultimate Wordpress Auction Plugin Security Vulnerabilities and Issues — Ultimate Wordpress Auction Plugin CVE List

Lucene search

AuctionpluginUltimate Wordpress Auction Plugin

3 matches found

CVE•added 2025/05/02 1:15 p.m.•44 views

CVE-2025-4204

The Ultimate Auction Pro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

7.5CVSS7.7AI score0.00073EPSS

CVE•added 2025/01/07 6:15 a.m.•42 views

CVE-2024-8855

The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform SQL injection attacks

9.8CVSS7.1AI score0.00049EPSS

CVE•added 2025/01/07 6:15 a.m.•36 views

CVE-2024-8857

The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Stored Cross-Site Scripting attacks.

4.8CVSS5.5AI score0.00009EPSS