2024-07-27 01:51:03
Wordfence
PUBLISHED
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the send_auction_email_callback and resend_auction_email_callback functions in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated attackers to craft emails that include links and send to any email address.