Unrated severityNVD Advisory· Published Jun 22, 2026

Ultimate WooCommerce Auction Pro <= 2.4.5 - Reflected XSS via uwa_auctions_bids_list

CVE-2026-4110

Description

The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/Ultimate Woocommerce Auction Proinferred2 versions
<=2.4.5+ 1 more
- (no CPE)range: <=2.4.5
- (no CPE)range: <=2.4.5
Package: https://wordpress.org/plugins/ultimate-woocommerce-auction-pro

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/bd44396a-7723-4876-a9c6-266442879bcb/mitreexploitvdb-entrytechnical-description

News mentions

25 WordPress Plugin CVEs Drop in Three Days: File Deletion, SSRF, and XSS Dominate the Batch
Vypr Intelligence · Jun 22, 2026

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000