Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through 3.7.CreditsHakiduck (Patchstack Alliance)Referenceshttps://patchstack.com/database/wordpress/plugin/wp-auctions/vulnerability/wordpress-wordpress-auction-plugin-plugin-3-7-sql-injection-vulnerability?_s_id=cve
