Vulnerabilities and security researches formy-auctions-allegro-free-edition my-auctions-allegro-free-edition
Direction: ascendingDec 06, 2024
My auctions allegro # CVE-2024-11707
- CVE, Research URL
- Home page URL
- Application
- Date
- Dec 03, 2024
- Research Description
- The My auctions allegro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jan 24, 2025
My auctions allegro # CVE-2025-22733
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 21, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPHocus My auctions allegro allows Reflected XSS. This issue affects My auctions allegro: from n/a through 3.6.18.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Apr 02, 2025
My auctions allegro # CVE-2025-31542
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 31, 2025
- Research Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wphocus My auctions allegro allows Blind SQL Injection. This issue affects My auctions allegro: from n/a through 3.6.20.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Apr 16, 2025
My auctions allegro # CVE-2025-27009
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 14, 2025
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro allows Stored XSS.This issue affects My auctions allegro: from n/a through 3.6.20.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable