Unrated severityNVD Advisory· Published Jun 22, 2026

Ultimate WooCommerce Auction Pro <= 2.4.5 - Reflected XSS via uwa_manage_auctions

CVE-2026-4259

Description

The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/Ultimate Woocommerce Auction Proinferred2 versions
<=2.4.5+ 1 more
- (no CPE)range: <=2.4.5
- (no CPE)range: <=2.4.5
Package: https://wordpress.org/plugins/ultimate-woocommerce-auction-pro

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/a98d234b-11e8-4a07-8593-982d656a4fd3/mitreexploitvdb-entrytechnical-description

News mentions

25 WordPress Plugin CVEs Drop in Three Days: File Deletion, SSRF, and XSS Dominate the Batch
Vypr Intelligence · Jun 22, 2026

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000