Unrated severityNVD Advisory· Published Mar 4, 2025· Updated Apr 8, 2026
Ultimate WordPress Auction Plugin <= 4.2.9 - Missing Authorization to Arbitrary Post Deletion
CVE-2025-0958
Description
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 4.2.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary auctions, posts as well as pages and allows them to execute other actions related to auction handling.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=4.2.9
- nitesh_singh/Ultimate WordPress Auction Pluginv5Range: 0
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- plugins.trac.wordpress.org/browser/ultimate-auction/trunk/ajax-actions/send-private-msg.phpmitre
- plugins.trac.wordpress.org/browser/ultimate-auction/trunk/ultimate-auction.phpmitre
- plugins.trac.wordpress.org/browser/ultimate-auction/trunk/ultimate-auction.phpmitre
- plugins.trac.wordpress.org/changeset/3242416/ultimate-auction/trunk/ultimate-auction.phpmitre
- www.wordfence.com/threat-intel/vulnerabilities/id/af3675c9-3a6b-4139-85e8-2fc57f290e82mitre
News mentions
0No linked articles in our index yet.