CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54298 – WordPress Car Dealer plugin <= 4.46 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-54298
11 Dec 2024 — Missing Authorization vulnerability in Bill Minozzi Car Dealer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Dealer: from n/a through 4.46. The Car Dealer plugin for WordPress is vulnerable to unauthorized access to data due to a missing capability check on the cardealer_dbase_get_callback function in versions up to, and including, 4.46. This makes it possible for authenticated attackers, with subscriber-level access and above, to manage plugin settings. • https://patchstack.com/database/wordpress/plugin/cardealer/vulnerability/wordpress-car-dealer-plugin-4-46-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4214 – WordPress cardealer plugin <= 4.15 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-4214
25 Apr 2024 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Bill Minozzi Car Dealer allows Code Injection.This issue affects Car Dealer: from n/a through 4.15. Neutralización incorrecta de etiquetas HTML relacionadas con scripts en una página web (la vulnerabilidad XSS básica en Bill Minozzi Car Dealer permite la inyección de código. Este problema afecta a Car Dealer: desde n/a hasta 4.15. The Car Dealer (Dealership) and Vehicle sales plugin for WordPress is vulnerable to u... • https://patchstack.com/database/vulnerability/cardealer/wordpress-cardealer-plugin-4-15-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •