Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

My auctions allegro — Vulnerabilities & Security Advisories 12

All 12 CVE vulnerabilities found in My auctions allegro, with AI-generated Chinese analysis, references, and POCs.

Vendor: wphocus

CVE IDTitleCVSSSeverityPublished
CVE-2026-22491 WordPress My auctions allegro plugin <= 3.6.35 - Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2026-03-25
CVE-2026-22464 WordPress My auctions allegro plugin <= 3.6.33 - Local File Inclusion vulnerability CWE-98 7.5 High2026-01-22
CVE-2025-67943 WordPress My auctions allegro plugin <= 3.6.32 - Cross Site Scripting (XSS) vulnerability CWE-79 6.1AIMediumAI2026-01-22
CVE-2025-68567 WordPress My auctions allegro plugin <= 3.6.33 - Cross Site Request Forgery (CSRF) vulnerability CWE-352 5.4 Medium2025-12-24
CVE-2025-68566 WordPress My auctions allegro plugin <= 3.6.35 - Cross Site Scripting (XSS) vulnerability CWE-79 5.9 Medium2025-12-24
CVE-2025-12851 My auctions allegro <= 3.6.32 - Unauthenticated Local File Inclusion via controller CWE-98 8.1 High2025-12-05
CVE-2025-12850 My auctions allegro <= 3.6.32 - Unauthenticated SQL Injection via auction_id CWE-89 7.5 High2025-12-05
CVE-2025-10048 My Auctions Allegro Plugin <= 3.6.31 - Authenticated (Admin+) SQL Injection CWE-89 4.9 Medium2025-10-11
CVE-2025-27009 WordPress My auctions allegro plugin <= 3.6.33 - Cross Site Request Forgery (CSRF) vulnerability CWE-352 7.1 High2025-04-14
CVE-2025-31542 WordPress My auctions allegro plugin <= 3.6.20 - SQL Injection vulnerability CWE-89 8.5 High2025-03-31
CVE-2025-22733 WordPress My auctions allegro Plugin <= 3.6.18 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2025-01-21
CVE-2024-11707 My auctions allegro <= 3.6.17 - Reflected Cross-Site Scripting CWE-79 6.1 Medium2024-12-03

All 12 known CVE vulnerabilities affecting My auctions allegro with full Chinese analysis, references, and POCs where available.