SQL Injection Vulnerability in WordPress Auction Plugin by Owen Cutajar & Hyder Jaffari
CVE-2025-22349
7.6HIGH
Summary
The WordPress Auction Plugin, developed by Owen Cutajar and Hyder Jaffari, is susceptible to SQL Injection attacks due to inadequate neutralization of special elements within SQL commands. This vulnerability allows attackers to manipulate SQL queries, potentially compromising the security of the database. Versions from n/a up to 3.7 are affected, posing significant risks to users employing the plugin. It is essential for site administrators to review and mitigate this vulnerability to protect against unauthorized data access and exploitation.
Affected Version(s)
WordPress Auction Plugin <= 3.7
References
CVSS V3.1
Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Hakiduck (Patchstack Alliance)