Skip to main content

Automotive Listings

1 CVEs product

Monthly

CVE-2026-27425 HIGH This Week

Reflected Cross-Site Scripting in the Automotive Listings WordPress plugin (versions 18.6 and earlier) lets remote unauthenticated attackers inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. Reported by Patchstack and classified CWE-79 with a CVSS 3.1 score of 7.1 (scope-changed, low impact across confidentiality, integrity, and availability), the flaw requires user interaction but no authentication. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

XSS Automotive Listings
NVD
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected Cross-Site Scripting in the Automotive Listings WordPress plugin (versions 18.6 and earlier) lets remote unauthenticated attackers inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. Reported by Patchstack and classified CWE-79 with a CVSS 3.1 score of 7.1 (scope-changed, low impact across confidentiality, integrity, and availability), the flaw requires user interaction but no authentication. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

XSS Automotive Listings
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy