Stored XSS Vulnerabilities in Motors - Car Dealer & Classified Ads Plugin by WordPress
CVE-2019-17229

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Motors - Car Dealer\, Classifieds \& Listing
Vendor
CVE Published:
24 February 2020

What is CVE-2019-17229?

The Motors - Car Dealer & Classified Ads plugin for WordPress, specifically includes/options.php, contains multiple vulnerabilities that allow attackers to exploit stored cross-site scripting (XSS) issues. These vulnerabilities can allow unauthorized users to inject malicious scripts into web pages viewed by other users, potentially leading to data theft and compromised user sessions.

References

https://wpvulndb.com/vulnerabilities/9884
x_refsource_MISC
https://wordpress.org/plugins/motors-car-dealership-class...
x_refsource_MISC
https://blog.nintechnet.com/multiple-vulnerabilities-in-w...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.