CVE-2025-12577

The CVE-2025-12577 entry concerns the WordPress plugin Listar – Directory Listing & Classifieds (versions ≤ 3.0.0). Root cause: missing capability check on the REST endpoint /wp-json/listar/v1/place/save. Impact: authenticated attackers with Subscriber-level access or higher can modify listing da...

PT-2006-6610 · Mginternet · Mginternet Car Site Manager

Name of the Vulnerable Software and Affected Versions: MGinternet Car Site Manager CSM affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the p parameter to the "/csm/asp/detail.asp" API endpoint, or the l, ty...

PT-2006-6609 · Mginternet · Mginternet Car Site Manager

Name of the Vulnerable Software and Affected Versions: MGinternet Car Site Manager CSM affected versions not specified Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the s parameter in the /csm/asp/listings.asp API...