cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-22349,https://securityvulnerability.io/vulnerability/CVE-2025-22349,SQL Injection Vulnerability in WordPress Auction Plugin by Owen Cutajar & Hyder Jaffari,"The WordPress Auction Plugin, developed by Owen Cutajar and Hyder Jaffari, is susceptible to SQL Injection attacks due to inadequate neutralization of special elements within SQL commands. This vulnerability allows attackers to manipulate SQL queries, potentially compromising the security of the database. Versions from n/a up to 3.7 are affected, posing significant risks to users employing the plugin. It is essential for site administrators to review and mitigate this vulnerability to protect against unauthorized data access and exploitation.",Wordpress,WordPress Auction Plugin,7.6,HIGH,0.0004299999854993075,false,,false,false,false,false,false,false,2025-01-07T10:48:40.702Z,0
CVE-2024-8857,https://securityvulnerability.io/vulnerability/CVE-2024-8857,Stored Cross-Site Scripting Vulnerability in Auction Plugin for WordPress,"The Auction Plugin for WordPress versions up to 3.7 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to inadequate sanitization and escaping of certain settings. This issue poses a risk by enabling users with high privileges, such as editors, to inject malicious scripts that could be executed in the browsers of visitors. Appropriate measures should be taken to secure the plugin and prevent potential attacks.",Wordpress,WordPress Auction Plugin,4.8,MEDIUM,0.0004299999854993075,false,,false,false,true,true,false,false,2025-01-07T06:00:05.825Z,0
CVE-2024-8855,https://securityvulnerability.io/vulnerability/CVE-2024-8855,SQL Injection Vulnerability in WordPress Auction Plugin,"The WordPress Auction Plugin, up to version 3.7, is susceptible to SQL injection due to inadequate sanitization and escaping of parameters prior to their use in SQL statements. This flaw allows users with editor-level privileges and above to manipulate SQL queries, potentially leading to unauthorized access to sensitive data or the execution of arbitrary SQL commands. It is crucial for users to monitor their installations and apply security best practices to mitigate the risks associated with this vulnerability.",Wordpress,WordPress Auction Plugin,9.8,CRITICAL,0.0004299999854993075,false,,false,false,true,true,false,false,2025-01-07T06:00:05.088Z,0
CVE-2024-54207,https://securityvulnerability.io/vulnerability/CVE-2024-54207,Cross-site Scripting Vulnerability in WordPress Auction Plugin,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows Stored XSS. This issue affects WordPress Auction Plugin: from n/a through 3.7.,Wordpress,WordPress Auction Plugin,5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-12-06T13:07:29.647Z,0
CVE-2024-51615,https://securityvulnerability.io/vulnerability/CVE-2024-51615,SQL Injection Vulnerability in WordPress Auction Plugin,"An SQL Injection vulnerability exists in the WordPress Auction Plugin developed by Owen Cutajar and Hyder Jaffari. This flaw allows attackers to exploit improper neutralization of special elements used in SQL commands, posing a significant risk to WordPress sites utilizing this plugin. The vulnerability potentially enables unauthorized access to sensitive data and manipulation of the database, leading to severe security breaches. It affects all versions of the plugin up to and including version 3.7, necessitating prompt updates and security measures to mitigate the associated risks.",Wordpress,WordPress Auction Plugin,9.3,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-12-06T13:07:22.974Z,0