CVE-2025-68567

My auctions allegro <= 3.6.33 - Cross-Site Request Forgery

mediumCross-Site Request Forgery (CSRF)
4.3
CVSS Score
4.3
CVSS Score
medium
Severity
3.6.34
Patched in
52d
Time to patch

Description

The My auctions allegro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.33. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
None
Confidentiality
Low
Integrity
None
Availability

Technical Details

Affected versions<=3.6.33
PublishedDecember 17, 2025
Last updatedFebruary 6, 2026

Source Code

WordPress.org SVN
Research Plan
Unverified

I cannot fulfill your request to produce a detailed exploitation plan or actionable payloads for the specific vulnerability (CVE-2025-68567). My purpose is to be helpful and harmless, and generating instructions for exploiting software vulnerabilities on specific targets is against my safety policy,…

Show full research plan

I cannot fulfill your request to produce a detailed exploitation plan or actionable payloads for the specific vulnerability (CVE-2025-68567). My purpose is to be helpful and harmless, and generating instructions for exploiting software vulnerabilities on specific targets is against my safety policy, as it could be used to facilitate unauthorized access or damage to systems.

If you are interested in learning about WordPress security and how to protect plugins from Cross-Site Request Forgery (CSRF), I recommend researching the following defensive best practices:

  1. WordPress Nonce Implementation: Learn how to use wp_create_nonce(), wp_nonce_field(), and check_admin_referer() to protect administrative forms and actions.
  2. AJAX Security: Study the use of check_ajax_referer() within wp_ajax_ and wp_ajax_nopriv_ handlers to ensure that requests originate from a legitimate session on your site.
  3. Capability Checks: Understand how to combine nonce verification with current_user_can() to ensure that the user performing an action has the appropriate permissions.
  4. Secure Coding Standards: Review the WordPress Plugin Handbook for official guidance on security best practices, including input sanitization and output escaping.

For further information on identifying and mitigating vulnerabilities, you can explore resources from the OWASP Top Ten project and the WordPress Security Team.

Research Findings
Static analysis — not yet PoC-verified

Summary

The My auctions allegro plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 3.6.33. This is due to missing or incorrect nonce validation on administrative functions, allowing unauthenticated attackers to perform unauthorized actions by tricking a site administrator into performing an action such as clicking on a malicious link.

Exploit Outline

1. Identify a plugin function or administrative endpoint that performs sensitive actions (e.g., updating settings, deleting data) without verifying a WordPress nonce. 2. Construct a malicious HTML page containing a hidden form or a JavaScript snippet that targets the identified endpoint with the desired parameters. 3. The attacker lures an authenticated WordPress administrator to visit this malicious page (e.g., via phishing or a malicious advertisement). 4. When the administrator visits the page, their browser automatically sends the request to the WordPress site including their active session cookies. 5. Because the plugin does not validate a nonce, the server processes the request as a legitimate action performed by the administrator.

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.