Skip to main content

Grand Car Rental

2 CVEs product

Monthly

CVE-2025-69151 HIGH This Week

Reflected/unauthenticated cross-site scripting in the ThemeGoods Grand Car Rental WordPress theme versions 3.7 and earlier lets remote attackers execute arbitrary JavaScript in a victim's browser session after the victim follows a crafted link or visits a malicious page. The flaw carries a CVSS 3.1 base score of 7.1 with scope change, indicating impact beyond the vulnerable component, and no public exploit identified at time of analysis. Disclosure is coordinated through Patchstack and tracked as EUVD-2025-210174.

XSS Grand Car Rental
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-39633 MEDIUM This Month

Cross-site request forgery (CSRF) in ThemeGoods Grand Car Rental WordPress theme versions up to 3.6.9 allows authenticated attackers to perform unauthorized actions on behalf of users through malicious web pages. The vulnerability requires user interaction (UI:R) and affects confidentiality, integrity, and availability with low impact. EPSS exploitation probability is 0.01% (1st percentile), indicating minimal real-world exploitation likelihood despite the moderate CVSS score of 6.5.

CSRF Grand Car Rental
NVD
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected/unauthenticated cross-site scripting in the ThemeGoods Grand Car Rental WordPress theme versions 3.7 and earlier lets remote attackers execute arbitrary JavaScript in a victim's browser session after the victim follows a crafted link or visits a malicious page. The flaw carries a CVSS 3.1 base score of 7.1 with scope change, indicating impact beyond the vulnerable component, and no public exploit identified at time of analysis. Disclosure is coordinated through Patchstack and tracked as EUVD-2025-210174.

XSS Grand Car Rental
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Cross-site request forgery (CSRF) in ThemeGoods Grand Car Rental WordPress theme versions up to 3.6.9 allows authenticated attackers to perform unauthorized actions on behalf of users through malicious web pages. The vulnerability requires user interaction (UI:R) and affects confidentiality, integrity, and availability with low impact. EPSS exploitation probability is 0.01% (1st percentile), indicating minimal real-world exploitation likelihood despite the moderate CVSS score of 6.5.

CSRF Grand Car Rental
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy