CVE-2025-3860 – CarDealerPress for WordPress Stored Cross-Site Scripting Vulnerability

May 6, 2025

CVE ID : CVE-2025-3860

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The CarDealerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘saleclass’ parameter in all versions up to, and including, 6.7.2504.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3921 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Data Modification Vulnerability

Next Article CVE-2025-3853 – WordPress WPshop E-Commerce Plugin Insecure Direct Object Reference Vulnerability

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-3860 – CarDealerPress for WordPress Stored Cross-Site Scripting Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

ArchiveKeep keeps your files archived in multiple places

CVE-2025-7754 – Code-projects Patient Record Management System SQL Injection Vulnerability

CVE-2025-43856 – Immich OAuth2 CSRF Account Hijacking Vulnerability

Atom Chess – chess engine built using Stockfish and Electron

Redesigning the UK Transport Watchdog Website and Document Portal for Accessibility and Impact

Universal Design Principles: The Importance of Equitable Use for Everyone

Critical AWS Amplify Studio Flaw Allows Code Execution – Update Now!

Microsoft reveals upcoming changes to Microsoft 365 Developer Program

CVE-2025-3860 – CarDealerPress for WordPress Stored Cross-Site Scripting Vulnerability

Related Posts