CVE-2024-12860 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and in…
Critical CVSS: 9.8

CVE-2024-12860

The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
Vendor
Carspot Project
Product
Carspot
CWE
CWE-620
Yayın Tarihi
2025-02-18 09:15:08
Güncelleme
2025-02-21 15:30:47
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-620 Carspot CRITICAL Carspot Project 2025

Referanslar

https://themeforest.net/item/carspot-automotive-car-dealer-wordpress-classified-theme/20195539 https://www.wordfence.com/threat-intel/vulnerabilities/id/d1043dce-628f-485b-bc1c-b78938c2a6f5?source=cve