33 matches found
CVE-2025-69317
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS.This issue affects CarSpot: from n/a through 2.4.6...
CVE-2025-69317
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS.This issue affects CarSpot: from n/a through 2.4.6...
CVE-2025-69317
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS.This issue affects CarSpot: from n/a through 2.4.6...
CVE-2025-69317
CVE-2025-69317 corresponds to WordPress CarSpot theme before version 2.4.6, with a Reflected XSS vulnerability in the CarSpot theme (scriptsbundle). The issue affects CarSpot:
CVE-2025-69317 WordPress CarSpot theme < 2.4.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS.This issue affects CarSpot: from n/a through 2.4.6...
CVE-2025-69317 WordPress CarSpot theme < 2.4.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS.This issue affects CarSpot: from n/a through 2.4.6...
WordPress plugin CarSpot has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-4195
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS.This issue affects CarSpot: from n/a through 2.4.6...
WordPress CarSpot theme < 2.4.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme CarSpot versions 2.4.6...
EUVD-2019-6781
Malware in sbrugna...
CVE-2019-15870
The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field...
CVE-2024-12860
The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This makes it possible for...
CVE-2024-12860
The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This makes it possible for...
CVE-2024-12860
The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This makes it possible for...
CVE-2024-12860 CarSpot – Dealership Wordpress Classified Theme <= 2.4.3 - Unauthenticated Arbitrary Password Reset/Account Takeover
The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This makes it possible for...
CVE-2024-12860 CarSpot – Dealership Wordpress Classified Theme <= 2.4.3 - Unauthenticated Arbitrary Password Reset/Account Takeover
The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This makes it possible for...
CVE-2024-12860
CVE-2024-12860 refers to the CarSpot – Dealership WordPress Classified Theme. The vulnerability allows unauthenticated privilege escalation via account takeover because the plugin does not properly validate a token before updating a user’s password. The issue affects CarSpot up to and including v...
WordPress plugin CarSpot 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress CarSpot theme <= 2.4.3 - Unauthenticated Arbitrary Password Reset/Account Takeover vulnerability
Unauthenticated Arbitrary Password Reset/Account Takeover vulnerability discovered by Lucio Sá in WordPress Theme CarSpot versions = 2.4.3...
CarSpot < 2.2.3 - Multiple Vulnerabilities
Multiple vulnerabilities was discovered in the 'CarSpot – Dealership Wordpress Classified Theme', tested version — v2.2.0: - Authenticated Persistent XSS - Registration Form/User Profile - Authenticated Persistent XSS - Ad Post - IDOR leading to arbitrary deletion of ads Edit WPScanTeam: January...