13 matches found
CVE-2026-24391
The connected document identifies a concrete vulnerability: WordPress Car Dealer theme versions ≤ 1.6.7 suffers a reflected Cross-Site Scripting (XSS) vulnerability. The issue is caused by input that is reflected back to the user without proper sanitization, enabling an attacker to run arbitrary ...
CVE-2026-24391 WordPress Car Dealer theme <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeMakers Car Dealer cardealer allows Reflected XSS.This issue affects Car Dealer: from n/a through = 1.6.7...
WordPress Car Dealer theme <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Car Dealer versions = 1.6.7...
CVE-2025-1282
The Car Dealer Automotive WordPress Theme – Responsive theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletepostphoto and addcar functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers,...
CVE-2025-39480 WordPress Car Dealer theme < 1.6.8 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dealer cardealer allows Object Injection.This issue affects Car Dealer: from n/a through 1.6.8...
WordPress Car Dealer theme <= 1.6.6 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Bonds in WordPress Theme Car Dealer versions = 1.6.6...
WordPress Cardealer theme <= 1.6.4 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation vulnerability
Arbitrary Theme Option Update to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by István Márton in WordPress Theme Car Dealer versions = 1.6.4...
WordPress Cardealer theme <= 1.6.4 - Cross-Site Request Forgery to User Update via update_user_profile vulnerability
Cross-Site Request Forgery to User Update via updateuserprofile vulnerability discovered by István Márton in WordPress Theme Car Dealer versions = 1.6.4...
CVE-2025-1282
The Car Dealer Automotive WordPress Theme – Responsive theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletepostphoto and addcar functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers,...
CVE-2025-1282 Car Dealer Automotive WordPress Theme – Responsive <= 1.6.3 - Authenticated (Subscriber+) Arbitrary File Deletion and Read
The Car Dealer Automotive WordPress Theme – Responsive theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletepostphoto and addcar functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers,...
WordPress Car Dealer theme <= 1.6.3 - Authenticated (Subscriber+) Arbitrary File Deletion and Read vulnerability
Authenticated Subscriber+ Arbitrary File Deletion and Read vulnerability discovered by Tonn in WordPress Theme Car Dealer versions = 1.6.3...
WordPress ThemeMakers Car Dealer / Auto Dealer Responsive theme Information Disclosure Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.ThemeMakers Car Dealer / Auto Dealer Responsive theme is one of the car sales website theme plugins used in it. WordPress...
WordPress Car Dealer Theme - Information Disclosure
Because of this vulnerability, the attackers can obtain sensitive information. Solution Update the theme...