Reflected Cross-Site Scripting Vulnerability in Car Demon Plugin for WordPress
CVE-2024-13334

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Car Demon
Vendor: CVE Published:; 15 January 2025

What is CVE-2024-13334?

The Car Demon plugin for WordPress is prone to a reflected cross-site scripting vulnerability through the 'search_condition' parameter in all versions up to and including 1.8.1. The issue stems from inadequate input sanitization and output escaping procedures. This vulnerability allows unauthenticated attackers to craft malicious web scripts that can be executed in the user’s browser, provided they can entice a user to click on a compromised link. As a result, users may unknowingly expose sensitive information or execute unwanted actions on their accounts.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Car Demon * <= 1.8.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/car-demon/trun...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 15, 2025
Vulnerability Reserved
Jan 10, 2025

Credit

Nathan

Victor Haugen

JSON

WordPress