{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4204", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-01T19:09:45.802Z", "datePublished": "2025-05-02T12:23:39.077Z", "dateUpdated": "2026-04-08T17:29:37.689Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:29:37.689Z"}, "affected": [{"vendor": "Inception Software LLP", "product": "Ultimate Auction Pro", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.5.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Ultimate Auction Pro plugin for WordPress is vulnerable to SQL Injection via the \u2018auction_id\u2019 parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "title": "Ultimate Auction Pro <= 1.5.2 - Unauthenticated SQL Injection via 'auction_id'", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e492029d-6613-4881-b986-9fe14cb2cf74?source=cve"}, {"url": "https://auctionplugin.net/changelog/ultimate-woo-auction-pro/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Tom Broucke"}], "timeline": [{"time": "2025-05-01T19:10:28.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-02T13:34:42.611129Z", "id": "CVE-2025-4204", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T13:34:55.400Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4204", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-02T13:34:42.611129Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T13:34:46.764Z"}}], "cna": {"title": "Ultimate Auction Pro <= 1.5.2 - Unauthenticated SQL Injection via 'auction_id'", "credits": [{"lang": "en", "type": "finder", "value": "Tom Broucke"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "Inception Software LLP", "product": "Ultimate Auction Pro", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.5.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-01T19:10:28.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e492029d-6613-4881-b986-9fe14cb2cf74?source=cve"}, {"url": "https://auctionplugin.net/changelog/ultimate-woo-auction-pro/"}], "descriptions": [{"lang": "en", "value": "The Ultimate Auction Pro plugin for WordPress is vulnerable to SQL Injection via the \u2018auction_id\u2019 parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-05-02T12:23:39.077Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4204", "state": "PUBLISHED", "dateUpdated": "2025-05-02T13:34:55.400Z", "dateReserved": "2025-05-01T19:09:45.802Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-02T12:23:39.077Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:auctionplugin:ultimate_wordpress_auction_plugin:*:*:*:*:pro:wordpress:*:*", "matchCriteriaId": "54B82B99-F10E-45B4-8CAB-DD7D18B36710", "versionEndExcluding": "1.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Ultimate Auction Pro plugin for WordPress is vulnerable to SQL Injection via the \u2018auction_id\u2019 parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}, {"lang": "es", "value": "El complemento Ultimate Auction Pro para WordPress es vulnerable a la inyecci\u00f3n SQL mediante el par\u00e1metro 'auction_id' en todas las versiones hasta la 1.5.2 incluida, debido a un escape insuficiente del par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n de la consulta SQL existente. Esto permite a atacantes no autenticados a\u00f1adir consultas SQL adicionales a las consultas ya existentes, que pueden utilizarse para extraer informaci\u00f3n confidencial de la base de datos."}], "id": "CVE-2025-4204", "lastModified": "2025-06-04T22:39:20.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-05-02T13:15:47.423", "references": [{"source": "security@wordfence.com", "tags": ["Release Notes"], "url": "https://auctionplugin.net/changelog/ultimate-woo-auction-pro/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e492029d-6613-4881-b986-9fe14cb2cf74?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T23:01:13.352461+00:00", "value": {"mitigation_remediation": ["Update Ultimate Auction Pro to version 1.5.3 or later, which implements proper input sanitization and prepared statements for all database interactions.", "If an immediate upgrade is not possible, block or remove access to the auction_id parameter from external requests, for example by disabling the affected endpoint or adding a firewall rule that rejects query strings containing the vulnerable parameter.", "Harden the database user\u2019s privileges by ensuring it only has SELECT rights on the tables accessed by the plugin, and monitor database logs for failed queries or patterns that resemble injection attempts.", "Deploy a Web Application Firewall (WAF) configured to block typical SQL injection payloads targeting the auction_id field until the plugin is fully patched."], "summary": {"action": "Patch Now", "impact": "Data Exfiltration"}, "threat_synthesis": {"affected_systems": "All installations of Inception Software LLP\u2019s Ultimate Auction Pro WordPress plugin with version 1.5.2 or earlier are affected. The plugin operates as a WordPress extension and utilizes the auction_id parameter in HTTP requests to retrieve auction data. Any site using these versions of the plugin without applying an update is at risk.", "description_and_impact": "The Ultimate Auction Pro plugin is vulnerable to unauthenticated SQL injection through the auction_id parameter. Because the parameter is not properly escaped nor is the underlying query prepared, an attacker can append arbitrary SQL statements to the existing query, allowing extraction of sensitive database information. This is a classic CWE\u201189 vulnerability that can compromise data confidentiality but does not directly enable code execution on the host.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high impact risk, and the EPSS value of less than 1% suggests that exploitation of this weakness is unlikely in the wild at this time. Nevertheless, the vulnerability is listed as not part of CISA\u2019s KEV catalog. An attacker can exploit the flaw by sending a crafted HTTP request containing malicious SQL to the auction_id parameter, potentially in a public or untrusted page. Given the unauthenticated nature of the attack, a remote attacker with access to the site can trigger the injection without needing privileged credentials."}}}}, "created": "2026-04-20T23:15:06.300789+00:00", "updated": "2026-04-20T23:15:06.300849+00:00", "vendors": [], "weaknesses": ["CWE-89"]}