Automotive Listings
Monthly
Reflected Cross-Site Scripting in the Automotive Listings WordPress plugin (versions 18.6 and earlier) lets remote unauthenticated attackers inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. Reported by Patchstack and classified CWE-79 with a CVSS 3.1 score of 7.1 (scope-changed, low impact across confidentiality, integrity, and availability), the flaw requires user interaction but no authentication. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Reflected Cross-Site Scripting in the Automotive Listings WordPress plugin (versions 18.6 and earlier) lets remote unauthenticated attackers inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. Reported by Patchstack and classified CWE-79 with a CVSS 3.1 score of 7.1 (scope-changed, low impact across confidentiality, integrity, and availability), the flaw requires user interaction but no authentication. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.