CVE-2025-3860 – CarDealerPress for WordPress Stored Cross-Site Scripting Vulnerability

May 6, 2025

CVE ID : CVE-2025-3860

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The CarDealerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘saleclass’ parameter in all versions up to, and including, 6.7.2504.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3921 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Data Modification Vulnerability

Next Article CVE-2025-3853 – WordPress WPshop E-Commerce Plugin Insecure Direct Object Reference Vulnerability

Agent Mode for Gemini added to Android Studio

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

Where to buy a Meta Quest 3S Xbox Edition — and why it’s a better bargain than the “normal” Meta Quest 3S

Vite 7.0 Is Out

Vite 7.0 Is Out

Exploring JavaScript ES2025 Edition

Mastering Mixed DML Operations in Apex

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

CVE-2025-3860 – CarDealerPress for WordPress Stored Cross-Site Scripting Vulnerability

Critical Kibana Flaws: CVE-2025-2135 (CVSS 9.9) Allows Heap Corruption & RCE; Open Redirect Also Patched

CVE-2025-0966 – IBM InfoSphere Information Server SQL Injection Vulnerability

CVE-2025-5446 – “Linksys Router Remote OS Command Injection Vulnerability”

Sam Altman says ChatGPT’s viral Ghibli effect “forced OpenAI to do a lot of unnatural things”

Rebrand Direct Ferries

CVE-2025-32756 – Fortinet FortiVoice Buffer Overflow Vulnerability

Dune: Awakening (briefly) overtakes Elden Ring Nightreign days before it officially launches

How To Launch Big Complex Projects

CVE-2025-43560 – ColdFusion Arbitrary Code Execution Vulnerability

CVE-2025-6115 – D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

CVE-2025-3860 – CarDealerPress for WordPress Stored Cross-Site Scripting Vulnerability

Related Posts