My auctions allegro Security & Risk Analysis

wordpress.org/plugins/my-auctions-allegro-free-edition

Integrate Allegro with WordPress & WooCommerce! My Auctions Allegro imports auctions, syncs inventory/prices, handles orders/accounts.

500 active installs · v3.6.34 · PHP 7.4+ · WP 5.0+ · Updated Jan 28, 2026

Tags: allegro, auctions, import, product, woocommerce

Score: 40
Grade: D · High Risk
CVEs total: 12
Unpatched: 2
Last CVE: Mar 5, 2026
Safety Verdict

Is My auctions allegro Safe to Use in 2026?

High Risk

Score 40/100

My auctions allegro carries significant security risk with 12 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

12 known CVEs · 2 unpatched · Last CVE: Mar 5, 2026 · Updated 2mo ago
Risk Assessment

The "my-auctions-allegro-free-edition" plugin, version 3.6.34, has a mixed security posture. It follows good practice in using prepared statements for most SQL queries and escapes a reasonable share of its output, but its vulnerability history and specific code signals raise significant concerns. The plugin has accumulated 12 known CVEs, 2 of them still unpatched, with a recurring pattern of high-severity issues: Cross-site Scripting, PHP Remote File Inclusion, SQL Injection, and CSRF. A history this extensive suggests a recurring struggle to implement security controls robustly.

Static analysis finds unsanitized paths in all 3 of the 3 analyzed taint flows, 2 of them rated high severity. Although none of the enumerated entry points is reported as unprotected, unsanitized paths in critical taint flows remain a significant red flag. The absence of capability checks on every entry point is a further weakness: a nonce check only verifies that a request originated from a page the site served, not that the user holds the role required for the action, so authorization may not be enforced granularly.

In conclusion, the plugin's extensive vulnerability history and its high-severity taint flows, despite positive practices such as prepared statements, indicate a medium- to high-risk profile. The unpatched vulnerabilities and the repeated appearance of common web application vulnerabilities in its past warrant careful consideration and prompt remediation of the identified weaknesses.

Key Concerns

  • Unpatched CVEs (2)
  • High severity taint flows (2)
  • Vulnerability history of 12 CVEs
  • Unsanitized paths in taint flows (3/3)
  • Lack of capability checks on entry points
  • Output escaping not fully implemented (40%)
Vulnerabilities (12)

My auctions allegro Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE
  • 2025: 8 CVEs · has unpatched
  • 2026: 3 CVEs · has unpatched

Severity Breakdown

  • High: 4
  • Medium: 8

12 total CVEs

CVE-2026-22491 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My auctions allegro <= 3.6.34 - Reflected Cross-Site Scripting

Mar 5, 2026 · Unpatched

CVE-2025-67943 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My auctions allegro <= 3.6.32 - Unauthenticated Stored Cross-Site Scripting

Jan 19, 2026 · Patched in 3.6.33 (9d)

CVE-2026-22464 · high · 7.5 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

My auctions allegro <= 3.6.33 - Authenticated (Contributor+) Local File Inclusion

Jan 4, 2026 · Patched in 3.6.34 (34d)

CVE-2025-68566 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My auctions allegro <= 3.6.33 - Authenticated (Administrator+) Stored Cross-Site Scripting

Dec 17, 2025 · Unpatched

CVE-2025-68567 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

My auctions allegro <= 3.6.33 - Cross-Site Request Forgery

Dec 17, 2025 · Patched in 3.6.34 (52d)

CVE-2025-12851 · high · 8.1 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

My auctions allegro <= 3.6.32 - Unauthenticated Local File Inclusion via controller

Dec 4, 2025 · Patched in 3.6.33 (1d)

CVE-2025-12850 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

My auctions allegro <= 3.6.32 - Unauthenticated SQL Injection via auction_id

Dec 4, 2025 · Patched in 3.6.33 (1d)

CVE-2025-10048 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

My Auctions Allegro Plugin <= 3.6.31 - Authenticated (Admin+) SQL Injection

Oct 10, 2025 · Patched in 3.6.32 (1d)

CVE-2025-27009 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

My auctions allegro <= 3.6.33 - Cross-Site Request Forgery

Apr 14, 2025 · Patched in 3.6.34 (319d)

CVE-2025-31542 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

My auctions allegro <= 3.6.20 - Authenticated (Contributor+) SQL Injection

Mar 31, 2025 · Patched in 3.6.21 (100d)

CVE-2025-22733 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My auctions allegro <= 3.6.18 - Reflected Cross-Site Scripting

Jan 15, 2025 · Patched in 3.6.19 (8d)

CVE-2024-11707 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My auctions allegro <= 3.6.17 - Reflected Cross-Site Scripting

Dec 2, 2024 · Patched in 3.6.18 (1d)
Code Analysis (analyzed Mar 16, 2026)

My auctions allegro Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 8 (70 prepared)
  • Unescaped Output: 24 (36 escaped)
  • Nonce Checks: 13
  • Capability Checks: 0
  • File Operations: 10
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

90% prepared (78 total queries)

Output Escaping

60% escaped (60 total outputs)

Data Flows (3 unsanitized)

Data Flow Analysis

3 flows, 3 with unsanitized paths

  • renderNav (core\table.php:245)
Attack Surface

My auctions allegro Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers (5)

  • auth · wp_ajax_gjmaa_collect_click · src\controller\auctions.php:136
  • nopriv · wp_ajax_gjmaa_collect_click · src\controller\auctions.php:141
  • auth · wp_ajax_gjmaa_get_categories · src\controller\categories.php:97
  • auth · wp_ajax_gjmaa_import_action · src\controller\import.php:120
  • auth · wp_ajax_gjmaa_reassign_action · src\controller\import.php:125

Shortcodes (1)

  • [gjmaa] · core\functions.php:640

WordPress Hooks (14)

  • action · admin_menu · core\functions.php:363
  • filter · set-screen-option · core\functions.php:375
  • action · admin_enqueue_scripts · core\functions.php:559
  • filter · admin_footer_text · core\functions.php:564
  • filter · cron_schedules · core\functions.php:655
  • action · init · my-auctions-allegro-free-edition.php:26
  • action · widgets_init · my-auctions-allegro-free-edition.php:27
  • action · admin_notices · my-auctions-allegro-free-edition.php:28
  • action · before_woocommerce_init · my-auctions-allegro-free-edition.php:31
  • action · woocommerce_product_meta_end · src\hook\product.php:14
  • action · woocommerce_product_options_advanced · src\hook\product.php:22
  • action · woocommerce_process_product_meta · src\hook\product.php:29
  • action · wp_footer · src\shortcode\auctions.php:29
  • action · wp_footer · src\widget\auctions.php:97
Maintenance & Trust

My auctions allegro Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Jan 28, 2026
  • PHP min version: 7.4
  • Downloads: 46K

Community Trust

  • Rating: 92/100
  • Number of ratings: 22
  • Active installs: 500
Developer Profile

My auctions allegro Developer Profile

wphocus

2 plugins · 510 total installs

  • Trust score: 62
  • Avg Security Score: 63/100
  • Avg Patch Time: 53 days
Detection Fingerprints

How We Detect My auctions allegro

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/my-auctions-allegro-free-edition/assets/css/admin-style.css
  • /wp-content/plugins/my-auctions-allegro-free-edition/assets/css/bootstrap-multiselect.css
  • /wp-content/plugins/my-auctions-allegro-free-edition/assets/css/jquery.dataTables.min.css
  • /wp-content/plugins/my-auctions-allegro-free-edition/assets/css/jquery.Jcrop.min.css
  • /wp-content/plugins/my-auctions-allegro-free-edition/assets/css/style.css
  • /wp-content/plugins/my-auctions-allegro-free-edition/assets/js/bootstrap-multiselect.js
  • /wp-content/plugins/my-auctions-allegro-free-edition/assets/js/admin-script.js
  • /wp-content/plugins/my-auctions-allegro-free-edition/assets/js/jquery.dataTables.min.js
  • +2 more

Generator Patterns

  • My auctions allegro

Script Paths

  • /wp-content/plugins/my-auctions-allegro-free-edition/assets/js/bootstrap-multiselect.js
  • /wp-content/plugins/my-auctions-allegro-free-edition/assets/js/admin-script.js
  • /wp-content/plugins/my-auctions-allegro-free-edition/assets/js/jquery.dataTables.min.js
  • /wp-content/plugins/my-auctions-allegro-free-edition/assets/js/jquery.Jcrop.min.js
  • /wp-content/plugins/my-auctions-allegro-free-edition/assets/js/functions.js

Version Parameters

  • my-auctions-allegro-free-edition/assets/css/admin-style.css?ver=
  • my-auctions-allegro-free-edition/assets/css/bootstrap-multiselect.css?ver=
  • my-auctions-allegro-free-edition/assets/css/jquery.dataTables.min.css?ver=
  • my-auctions-allegro-free-edition/assets/css/jquery.Jcrop.min.css?ver=
  • my-auctions-allegro-free-edition/assets/css/style.css?ver=
  • my-auctions-allegro-free-edition/assets/js/bootstrap-multiselect.js?ver=
  • my-auctions-allegro-free-edition/assets/js/admin-script.js?ver=
  • my-auctions-allegro-free-edition/assets/js/jquery.dataTables.min.js?ver=
  • my-auctions-allegro-free-edition/assets/js/jquery.Jcrop.min.js?ver=
  • my-auctions-allegro-free-edition/assets/js/functions.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • gjmaa_title
  • gjmaa_section
  • gjmaa_description
  • gjmaa_wrap
  • gjmaa_input_container
  • gjmaa_input_error
  • gjmaa_text_align_left
  • gjmaa_display_block
  • +1 more

HTML Comments

  • <!-- WPHocus My Auctions Allegro Free Edition -->
  • <!-- End WPHocus My Auctions Allegro Free Edition -->

Data Attributes

  • data-gjmaa-tab-id
  • data-gjmaa-tab-url

JS Globals

  • GJMAA
  • gjmaa

Shortcode Output

  • [my_auctions_allegro]
  • [my_allegro_auctions]
  • [my_allegro_galleries]
  • [my_allegro_categories]
FAQ

Frequently Asked Questions about My auctions allegro