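I. Basic information for vulnerability CVE-2025-0958
Vulnerability title
WordPress Ultimate Auction Plugin 4.2.9 and earlier: insufficient authorization allowing arbitrary post deletion
Source: AIGC Shenlong large model
Vulnerability description
The Ultimate WordPress Auction Plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to and including 4.2.9. This allows authenticated attackers with Contributor-level access or above to delete arbitrary auctions, posts and pages, and to perform other actions related to auction handling.
Source: AIGC Shenlong large model
CVSS information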
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Source: AIGC Shenlong large model
Vulnerability category
Incorrect authorization
Source: AIGC Shenlong large model
Vulnerability title
Ultimate WordPress Auction Plugin <= 4.2.9 - Missing Authorization to Arbitrary Post Deletion
Source: US National Vulnerability Database (NVD)
Vulnerability description
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 4.2.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary auctions, posts as well as pages and allows them to execute other actions related to auction handling.
Source: US National Vulnerability Database (NVD)
CVSS information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
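Source: US National Vulnerability Database (NVD)
Vulnerability category
Improper input validation
Source: US National Vulnerability Database (NVD)
II. Public PoCs for vulnerability CVE-2025-0958
# POC Description Source link Shenlong link
III. Intelligence on vulnerability CVE-2025-0958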
  • Title: Ultimate WordPress Auction Plugin <= 4.2.9 - Missing Authorization to Arbitrary Post Deletion -- 🔗 Source link

    Tags:

  • Title: ultimate-auction.php in ultimate-auction/trunk – WordPress Plugin Repository -- 🔗 Source link

    Tags:

  • Title: ultimate-auction.php in ultimate-auction/trunk – WordPress Plugin Repository -- 🔗 Source link

    Tags:

  • Title: send-private-msg.php in ultimate-auction/trunk/ajax-actions – WordPress Plugin Repository -- 🔗 Source link

    Tags:

  • Title: Changeset 3242416 for ultimate-auction/trunk/ultimate-auction.php – WordPress Plugin Repository -- 🔗 Source link

    Tags:

  • https://nvd.nist.gov/vuln/detail/CVE-2025-0958