Grand Car Rental
Monthly
Reflected/unauthenticated cross-site scripting in the ThemeGoods Grand Car Rental WordPress theme versions 3.7 and earlier lets remote attackers execute arbitrary JavaScript in a victim's browser session after the victim follows a crafted link or visits a malicious page. The flaw carries a CVSS 3.1 base score of 7.1 with scope change, indicating impact beyond the vulnerable component, and no public exploit identified at time of analysis. Disclosure is coordinated through Patchstack and tracked as EUVD-2025-210174.
Cross-site request forgery (CSRF) in ThemeGoods Grand Car Rental WordPress theme versions up to 3.6.9 allows authenticated attackers to perform unauthorized actions on behalf of users through malicious web pages. The vulnerability requires user interaction (UI:R) and affects confidentiality, integrity, and availability with low impact. EPSS exploitation probability is 0.01% (1st percentile), indicating minimal real-world exploitation likelihood despite the moderate CVSS score of 6.5.
Reflected/unauthenticated cross-site scripting in the ThemeGoods Grand Car Rental WordPress theme versions 3.7 and earlier lets remote attackers execute arbitrary JavaScript in a victim's browser session after the victim follows a crafted link or visits a malicious page. The flaw carries a CVSS 3.1 base score of 7.1 with scope change, indicating impact beyond the vulnerable component, and no public exploit identified at time of analysis. Disclosure is coordinated through Patchstack and tracked as EUVD-2025-210174.
Cross-site request forgery (CSRF) in ThemeGoods Grand Car Rental WordPress theme versions up to 3.6.9 allows authenticated attackers to perform unauthorized actions on behalf of users through malicious web pages. The vulnerability requires user interaction (UI:R) and affects confidentiality, integrity, and availability with low impact. EPSS exploitation probability is 0.01% (1st percentile), indicating minimal real-world exploitation likelihood despite the moderate CVSS score of 6.5.