6.3
CVE-2025-0958
- EPSS 0.05%
- Veröffentlicht 04.03.2025 10:15:10
- Zuletzt bearbeitet 05.03.2025 16:39:32
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginUltimate WordPress Auction Plugin <= 4.2.9 - Missing Authorization to Arbitrary Post Deletion
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 4.2.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary auctions, posts as well as pages and allows them to execute other actions related to auction handling.
Mögliche Gegenmaßnahme
Ultimate WordPress Auction Plugin: Update to version 4.3.0, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Ultimate WordPress Auction Plugin
Version
*-4.2.9
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Auctionplugin ≫ Ultimate Auction SwPlatformwordpress Version < 4.3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.167 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| security@wordfence.com | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.