CVE-2026-4110
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
The ultimate-woocommerce-auction-pro plugin for WordPress up to version 2.4.5 does not sanitize and escape a parameter before outputting it back on the page, leading to a Reflected Cross-Site Scripting vulnerability. This could be exploited against high privilege users such as admins.
Risk Assessment
Exploitation of this vulnerability could lead to the compromise of admin accounts, posing a serious security threat to the entire site.
Recommendation
It is recommended to update the plugin to the latest version that includes security fixes, and to review and validate input parameters to prevent XSS attacks.
Original NVD description (English source)
The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

