cleantalk
Vulnerabilities and Security Researches

Ultimate WordPress Auction Plugin, CVE-2025-0958

CVE, Research URL

CVE-2025-0958

Home page URL

Security reports for Ultimate WordPress Auction Plugin

Application

Ultimate WordPress Auction Plugin

Published on
Mar 04, 2025
Research Description
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 4.2.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary auctions, posts as well as pages and allows them to execute other actions related to auction handling.
Affected versions
max 4.3.0.
Status
vulnerable
Previous vulnerability researches
Ultimate WordPress Auction Plugin (CVE-2024-6591) , Jul 28, 2024
Ultimate WordPress Auction Plugin (CVE-2025-0958) , Mar 05, 2025
Ultimate WordPress Auction Plugin (CVE-2025-68084) , Jan 10, 2026
Ultimate WordPress Auction Plugin (CVE-2025-66125) , Jan 10, 2026
Ultimate WordPress Auction Plugin (8e7d1b2e96560e4407df0ba2ca77d987e31618b7) , Jun 07, 2024
New vulnerability
Pure WC Variation Swatches (CVE-2025-12820) , Jan 11, 2026
WP Scraper (CVE-2025-62088) , Jan 11, 2026
Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger Live Chat Support Chat Button – Bit As (CVE-2025-68596) , Jan 11, 2026
Free Follow-Up Emails & Marketing Automation for WooCommerce – ShopMagic (CVE-2025-69093) , Jan 11, 2026
SALESmanago (CVE-2025-68571) , Jan 11, 2026