17 matches found
EUVD-2024-52448
Malicious code in bioql PyPI...
EUVD-2025-13661
Malicious code in bioql PyPI...
CVE-2025-3860
The CarDealerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saleclass' parameter in all versions up to, and including, 6.8.2505.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-3860
The CarDealerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saleclass' parameter in all versions up to, and including, 6.8.2505.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-3860 CarDealerPress <= 6.8.2505.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter
The CarDealerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saleclass' parameter in all versions up to, and including, 6.8.2505.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-3860 CarDealerPress <= 6.8.2505.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter
The CarDealerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saleclass' parameter in all versions up to, and including, 6.8.2505.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-3860
The CVE-2025-3860 entry concerns the CarDealerPress WordPress plugin. A Stored Cross-Site Scripting vulnerability exists in the saleclass parameter across all versions up to 6.7.2504.00, enabling an authenticated attacker with Contributor-level access or higher to inject scripts that run on pages...
PT-2025-19910 · Unknown · Cardealerpress
Name of the Vulnerable Software and Affected Versions: CarDealerPress versions up to, and including, 6.7.2504.00 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level...
WordPress plugin CarDealerPress cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site...
WordPress CarDealerPress plugin <= 6.8.2505.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via saleclass Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin CarDealerPress versions = 6.8.2505.00...
CVE-2024-54325
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DealerTrend CarDealerPress cardealerpress allows Reflected XSS. This issue affects CarDealerPress: from n/a through = 6.6.2410.02...
CVE-2024-54325
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DealerTrend CarDealerPress cardealerpress allows Reflected XSS. This issue affects CarDealerPress: from n/a through = 6.6.2410.02...
CVE-2024-54325
CVE-2024-54325 is a reflected cross-site scripting vulnerability in CarDealerPress (DealerTrend) that allows an attacker to inject malicious input which is reflected in the web page. The issue is caused by improper neutralization of input during web page generation, enabling likely an XSS payload...
CVE-2024-54325 WordPress CarDealerPress plugin <= 6.6.2410.02 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DealerTrend CarDealerPress allows Reflected XSS. This issue affects CarDealerPress: from n/a through 6.6.2410.02...
CVE-2024-54325 WordPress CarDealerPress plugin <= 6.6.2410.02 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DealerTrend CarDealerPress cardealerpress allows Reflected XSS. This issue affects CarDealerPress: from n/a through = 6.6.2410.02...
WordPress plugin CarDealerPress cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site...
WordPress CarDealerPress plugin <= 6.6.2410.02 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin CarDealerPress versions = 6.6.2410.02...