Skip to main content

Car Dealer

2 CVEs product

Monthly

CVE-2026-24391 HIGH This Week

A reflected Cross-Site Scripting (XSS) vulnerability exists in ThemeMakers Car Dealer WordPress theme affecting versions up to and including 1.6.7. The vulnerability allows attackers to inject malicious scripts that execute in the browsers of users who click specially crafted links, potentially leading to session hijacking, credential theft, or malware distribution. No CVSS score, EPSS data, or KEV status is currently available, and the vulnerability has not been reported as actively exploited in public threat intelligence.

XSS Car Dealer
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2022-3879 MEDIUM POC This Month

The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Car Dealer
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 7.1
HIGH This Week

A reflected Cross-Site Scripting (XSS) vulnerability exists in ThemeMakers Car Dealer WordPress theme affecting versions up to and including 1.6.7. The vulnerability allows attackers to inject malicious scripts that execute in the browsers of users who click specially crafted links, potentially leading to session hijacking, credential theft, or malware distribution. No CVSS score, EPSS data, or KEV status is currently available, and the vulnerability has not been reported as actively exploited in public threat intelligence.

XSS Car Dealer
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM POC This Month

The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Car Dealer
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy