cleantalk
Vulnerabilities and Security Researches

My auctions allegro, CVE-2025-27009

CVE, Research URL

CVE-2025-27009

Home page URL

Security reports for My auctions allegro

Application

My auctions allegro

Published on
Apr 14, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro allows Stored XSS.This issue affects My auctions allegro: from n/a through 3.6.20.
Affected versions
max 3.6.25.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-31542) , Apr 02, 2025
My auctions allegro (CVE-2025-22733) , Jan 24, 2025
New vulnerability
FileBird – WordPress Media Library Folders & File Manager (CVE-2025-11510) , Oct 29, 2025
WordPress Webinar Plugin – WebinarPress (CVE-2025-62972) , Oct 29, 2025
Genealogical Tree – WordPress Family Tree (CVE-2025-58023) , Oct 12, 2025
WPB Quick View Popup for WooCommerce – Display Product Informations in Popup on Button Click (CVE-2025-57967) , Oct 12, 2025
Mixtape (CVE-2025-9860) , Oct 12, 2025