CVE-2026-4110 | The ultimate-woocommerce-auction-pro WordPress plugin throug…

Description

The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Metadata

CVE ID: CVE-2026-4110
State: PUBLISHED
Assigner: WPScan
Reserved: 2026-03-13 10:56 UTC
Published: 2026-06-22 06:00 UTC
Last updated: 2026-06-22 06:00 UTC
Vendor / Product: Unknown / ultimate-woocommerce-auction-pro
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (1)

Vendor	Product	Platform	Versions
Unknown	ultimate-woocommerce-auction-pro	—	0 ≤ 2.4.5

Weakness (CWE)

CWE	Source	Description
—	cna	CWE-79 Cross-Site Scripting (XSS)

References (1)

https://wpscan.com/vulnerability/bd44396a-7723-4876-a9c6-266442879bcb/