Persistent XSS Vulnerability in Car Rental System Plugin for WordPress
CVE-2020-15535

6.1MEDIUM

Key Information:

Vendor

Wordpress

Vendor
CVE Published:
5 July 2020

What is CVE-2020-15535?

A persistent cross-site scripting (XSS) vulnerability has been identified in the Car Rental System plugin, version 1.3, for WordPress. This security flaw allows attackers to inject malicious scripts through various registration fields, which can then be executed in the context of other users' sessions. Successful exploitation of this vulnerability could lead to unauthorized actions on behalf of the users, compromising their data and potentially affecting the integrity of the website.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.