WordPress · Wordpress Auction Plugin · CVE-2024-8855
**Name of the Vulnerable Software and Affected Versions**
WordPress Auction Plugin versions 3.7 and earlier
**Description**
The issue allows editors and above to perform SQL injection attacks due to the plugin not sanitizing and escaping a parameter before using it in a SQL statement.
**Recommendations**
For WordPress Auction Plugin versions 3.7 and earlier, update to a version that addresses this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.