CVE 7.1 HIGH

Ultimate WooCommerce Auction Pro <= 2.4.5 - Reflected XSS via uwa_manage_auctions_CVE-2026-4259

June 22, 2026 invoker category_cve
7.1 / 10
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Description

The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Basic Information

ID CVE-2026-4259
Source WPScan
Published Jun 22, 2026 at 06:00
Modified Jun 22, 2026 at 12:55

Affected Product

Vendor Unknown
Product ultimate-woocommerce-auction-pro
Affected Versions Unknown ultimate-woocommerce-auction-pro 0

CWE Classification

CWE-79

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.