CarSpot
by WordPress
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-12860 | 0.00 | — | 0.00 | Feb 18, 2025 | The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This… | |||
| CVE-2019-15870 | 0.00 | — | 0.01 | Sep 3, 2019 | The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field. |
- CVE-2024-12860Feb 18, 2025risk 0.00cvss —epss 0.00
The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This…
- CVE-2019-15870Sep 3, 2019risk 0.00cvss —epss 0.01
The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field.