PT-2026-44750 · WordPress · Automotive Car Dealership Business Wordpress Theme

·

CVE-2025-14042

·

Published

2026-05-29

·

Updated

2026-05-29

CVSS v3.1

6.4

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Automotive Car Dealership Business WordPress Theme versions prior to 13.4.2
Description The software is subject to Stored Cross-Site Scripting, a condition where malicious scripts are permanently stored on the target server. The issue exists in the 'Project Details' custom field within Portfolio Items due to insufficient input sanitization and output escaping of user-supplied attributes in the project details variable. Authenticated attackers with contributor-level permissions or higher can inject arbitrary web scripts that execute when a user accesses the affected page.
Recommendations Update to a version later than 13.4.1. As a temporary workaround, restrict access to the project details custom field for users with contributor-level permissions.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-14042

Affected Products

Automotive Car Dealership Business Wordpress Theme