CVE-2025-0958

4 Mar 2025

Título es
CVE-2025-0958

Mar, 04/03/2025 – 10:15

Tipo
CWE-20

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-0958

Descripción en
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 4.2.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary auctions, posts as well as pages and allows them to execute other actions related to auction handling.

04/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
5.40

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

https://plugins.trac.wordpress.org/browser/ultimate-auction/trunk/ajax-actions/send-private-msg.php#L35

https://plugins.trac.wordpress.org/browser/ultimate-auction/trunk/ultimate-auction.php#L219

https://plugins.trac.wordpress.org/browser/ultimate-auction/trunk/ultimate-auction.php#L274

https://plugins.trac.wordpress.org/changeset/3242416/ultimate-auction/trunk/ultimate-auction.php

https://www.wordfence.com/threat-intel/vulnerabilities/id/af3675c9-3a6b-4139-85e8-2fc57f290e82?source=cve

Enviar en el boletín
Off