Wphocus My Auctions Allegro
12 CVEs affecting Wphocus My Auctions Allegro. Latest disclosed: 2026-03-25. Critical: 0, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-31542 | High | 8.5 | 2025-03-31 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edit… |
CVE-2025-12851 | High | 8.1 | 2025-12-05 | The My auctions allegro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.32 via the 'controller' parameter… |
CVE-2026-22464 | High | 7.5 | 2026-01-22 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wphocus My auctions allegro my-auction… |
CVE-2025-12850 | High | 7.5 | 2025-12-05 | The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’ parameter in all versions up to, and including, 3.6.32 due to… |
CVE-2026-22491 | High | 7.1 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edit… |
CVE-2025-67943 | High | 7.1 | 2026-01-22 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edit… |
CVE-2025-27009 | High | 7.1 | 2025-04-14 | Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Stored XSS.This issue affects My auction… |
CVE-2025-22733 | High | 7.1 | 2025-01-21 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edit… |
CVE-2024-11707 | Medium | 6.1 | 2024-12-03 | The My auctions allegro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.6… |
CVE-2025-68566 | Medium | 5.9 | 2025-12-24 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edit… |
CVE-2025-68567 | Medium | 5.4 | 2025-12-24 | Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Cross Site Request Forgery.This issue af… |
CVE-2025-10048 | Medium | 4.9 | 2025-10-11 | The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 3.6.31 due to insuf… |