Unauthorized Access Vulnerability in Ultimate WordPress Auction Plugin by WordPress
CVE-2025-0958

6.3 MEDIUM

Key Information:

Vendor
Nitesh Singh
Status
Ultimate WordPress Auction Plugin
Vendor
CVE Published: 4 March 2025

Summary

The Ultimate WordPress Auction Plugin for WordPress allows users with Contributor-level access and higher to reach critical features they are not authorized to use. An attacker with such an account can delete auctions, posts, and pages and perform other actions related to auction management. All versions up to and including 4.2.9 are affected; update to a secure version to mitigate potential exploitation.

Affected Version(s)

Ultimate WordPress Auction Plugin * <= 4.2.9

CVSS V3.1

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Brian Sans-Souci