Skip to main content

Carspot

2 CVEs product

Monthly

CVE-2024-12860 CRITICAL Act Now

The CarSpot - Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Carspot
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2019-15870 MEDIUM POC This Month

The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Carspot
NVD
CVSS 3.0
5.4
EPSS
0.7%
EPSS 1% CVSS 9.8
CRITICAL Act Now

The CarSpot - Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Carspot
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Carspot
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy