CVE-2024-6591

MEDIUM Year: 2024
CVSS v3 Score
5.8
Medium
Weakness Type
CWE-862
View all →

Vulnerability Description

The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the 'send_auction_email_callback' and 'resend_auction_email_callback' functions in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated attackers to craft emails that include links and send to any email address.

Related Vulnerabilities

CVE-2019-19985

MEDIUM
CVSS:5.8(Medium)

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.

CWE-8622019

CVE-2024-43274

MEDIUM
CVSS:5.8(Medium)

Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk – Bes...

CWE-8622024

CVE-2025-22720

MEDIUM
CVSS:5.8(Medium)

Missing Authorization vulnerability in MagePeople Team Booking and Rental Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking and Rental Manager...

CWE-8622025

CVE-2025-31876

MEDIUM
CVSS:5.8(Medium)

Missing Authorization vulnerability in gunnarpayday Payday allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payday: from n/a through 3.3.12.

CWE-8622025

CVE-2025-39580

MEDIUM
CVSS:5.8(Medium)

Missing Authorization vulnerability in jidaikobo Dashi allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dashi: from n/a through 3.1.8.

CWE-8622025

CVE-2025-43008

MEDIUM
CVSS:5.8(Medium)

Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availabil...

CWE-8622025