3 matches found
WordPress WP CarDealer plugin <= 1.2.16 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Foxyyy in WordPress Plugin WP CarDealer versions = 1.2.16...
CVE-2025-13764 WP CarDealer <= 1.2.16 - Unauthenticated Privilege Escalation
The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WPCarDealerUser::processregister' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers t...
WordPress Cardealer theme <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Change and Delete JS and CSS Files vulnerability
Missing Authorization to Authenticated Subscriber+ Change and Delete JS and CSS Files vulnerability discovered by István Márton in WordPress Theme Car Dealer versions = 1.6.4...