Missing Authorization Vulnerability in Nitesh Ultimate Auction by Nitesh
CVE-2025-68084

Currently unrated

Key Information:

Vendor

WordPress
Status
Ultimate Auction
Vendor
CVE Published:
16 December 2025

What is CVE-2025-68084?

The Ultimate Auction plugin by Nitesh exhibits a critical flaw due to missing authorization which can allow unauthorized access and exploitation through incorrectly configured access control security settings. This vulnerability impacts multiple versions of the plugin, making it imperative for users to review their configurations and apply necessary updates to mitigate potential security risks.

Affected Version(s)

Ultimate Auction <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/ulti...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

daroo | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68084 : Missing Authorization Vulnerability in Nitesh Ultimate Auction by Nitesh