cleantalk
Vulnerabilities and Security Researches

Ultimate WordPress Auction Plugin, CVE-2024-6591

CVE, Research URL

CVE-2024-6591

Home page URL

Security reports for Ultimate WordPress Auction Plugin

Application

Ultimate WordPress Auction Plugin

Published on
Jul 27, 2024
Research Description
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the 'send_auction_email_callback' and 'resend_auction_email_callback' functions in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated attackers to craft emails that include links and send to any email address.
Affected versions
max 4.2.8.
Status
vulnerable
Previous vulnerability researches
Ultimate WordPress Auction Plugin (CVE-2024-6591) , Jul 28, 2024
Ultimate WordPress Auction Plugin (CVE-2025-0958) , Mar 05, 2025
Ultimate WordPress Auction Plugin (CVE-2025-68084) , Jan 10, 2026
Ultimate WordPress Auction Plugin (CVE-2025-66125) , Jan 10, 2026
Ultimate WordPress Auction Plugin (8e7d1b2e96560e4407df0ba2ca77d987e31618b7) , Jun 07, 2024
New vulnerability
Pure WC Variation Swatches (CVE-2025-12820) , Jan 11, 2026
WP Scraper (CVE-2025-62088) , Jan 11, 2026
Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger Live Chat Support Chat Button – Bit As (CVE-2025-68596) , Jan 11, 2026
Free Follow-Up Emails & Marketing Automation for WooCommerce – ShopMagic (CVE-2025-69093) , Jan 11, 2026
SALESmanago (CVE-2025-68571) , Jan 11, 2026