PT-2025-49233 · WordPress · My Auctions Allegro Plugin For Wordpress
Published
2025-12-05
·
Updated
2025-12-10
·
CVE-2025-12851
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
My auctions allegro plugin for WordPress versions through 3.6.32
Description
The My auctions allegro plugin for WordPress is susceptible to a Local File Inclusion issue via the
controller parameter. This allows unauthenticated attackers to include and execute arbitrary files on the server, potentially enabling the execution of PHP code within those files. Successful exploitation could bypass access controls and allow the retrieval of sensitive data or code execution, particularly if attackers can upload and include files.Recommendations
Update the My auctions allegro plugin for WordPress to a version later than 3.6.32.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
My Auctions Allegro Plugin For Wordpress