CVE-2025-3860 – CarDealerPress for WordPress Stored Cross-Site Scripting Vulnerability

May 6, 2025

CVE ID : CVE-2025-3860

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The CarDealerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘saleclass’ parameter in all versions up to, and including, 6.7.2504.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3921 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Data Modification Vulnerability

Next Article CVE-2025-3853 – WordPress WPshop E-Commerce Plugin Insecure Direct Object Reference Vulnerability

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-3860 – CarDealerPress for WordPress Stored Cross-Site Scripting Vulnerability

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Mortal Shell 2 was Summer Game Fest’s first banger announcement, and the Soulslike sequel is getting a beta before release

Using await at the top level in ES modules

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I replaced my ThinkPad with this Lenovo tablet for a week – and it was pretty dang close

Learning Cloud with HTB Business CTF 2025 — A Complete (cloud) Writeup: Part 2 (END)

CVE-2025-41418 – TB-eye Network Recorders/AHD Recorders Buffer Overflow Vulnerability

Kimusky Hackers Exploiting RDP & MS Office Vulnerabilities in Targeted Attacks

Five iOS 26 features I already can’t live without – and how to access them

CVE-2025-3860 – CarDealerPress for WordPress Stored Cross-Site Scripting Vulnerability

Related Posts