PT-2026-44750 · WordPress · Automotive Car Dealership Business Wordpress Theme
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Automotive Car Dealership Business WordPress Theme versions prior to 13.4.2
Description
The software is subject to Stored Cross-Site Scripting, a condition where malicious scripts are permanently stored on the target server. The issue exists in the 'Project Details' custom field within Portfolio Items due to insufficient input sanitization and output escaping of user-supplied attributes in the
project details variable. Authenticated attackers with contributor-level permissions or higher can inject arbitrary web scripts that execute when a user accesses the affected page.Recommendations
Update to a version later than 13.4.1.
As a temporary workaround, restrict access to the
project details custom field for users with contributor-level permissions.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Automotive Car Dealership Business Wordpress Theme