Reflected Cross-Site Scripting in Ultimate WooCommerce Auction Pro WordPress Plugin
CVE-2026-4110

Currently unrated

Key Information:

Vendor: WordPress

CVE Published: 22 June 2026

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2026-4110?

The Ultimate WooCommerce Auction Pro WordPress plugin versions up to 2.4.5 are susceptible to a Reflected Cross-Site Scripting vulnerability. This flaw arises due to improper handling of user input, allowing any attacker to craft a malicious link that, when accessed by high-privilege users such as administrators, could execute arbitrary scripts in their browsers. This could lead to unauthorized actions and potential compromise of sensitive data.

Affected Version(s)

ultimate-woocommerce-auction-pro: 0 through 2.4.5 (<= 2.4.5)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kacper Rybczyński
WPScan