CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-12860

The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.3%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2024-12860

Carspot Project » Carspot » Version: 1.0

cpe:2.3:a:carspot_project:carspot:1.0
Carspot Project » Carspot » Version: 1.0.1

cpe:2.3:a:carspot_project:carspot:1.0.1
Carspot Project » Carspot » Version: 1.0.2

cpe:2.3:a:carspot_project:carspot:1.0.2
Carspot Project » Carspot » Version: 1.0.3

cpe:2.3:a:carspot_project:carspot:1.0.3
Carspot Project » Carspot » Version: 1.0.4

cpe:2.3:a:carspot_project:carspot:1.0.4
Carspot Project » Carspot » Version: 1.0.5

cpe:2.3:a:carspot_project:carspot:1.0.5
Carspot Project » Carspot » Version: 1.0.6

cpe:2.3:a:carspot_project:carspot:1.0.6
Carspot Project » Carspot » Version: 1.0.7

cpe:2.3:a:carspot_project:carspot:1.0.7
Carspot Project » Carspot » Version: 1.0.8

cpe:2.3:a:carspot_project:carspot:1.0.8
Carspot Project » Carspot » Version: 1.0.9

cpe:2.3:a:carspot_project:carspot:1.0.9
Carspot Project » Carspot » Version: 1.1.0

cpe:2.3:a:carspot_project:carspot:1.1.0
Carspot Project » Carspot » Version: 1.1.1

cpe:2.3:a:carspot_project:carspot:1.1.1
Carspot Project » Carspot » Version: 1.1.2

cpe:2.3:a:carspot_project:carspot:1.1.2
Carspot Project » Carspot » Version: 1.1.3

cpe:2.3:a:carspot_project:carspot:1.1.3
Carspot Project » Carspot » Version: 1.1.4

cpe:2.3:a:carspot_project:carspot:1.1.4
Carspot Project » Carspot » Version: 1.1.5

cpe:2.3:a:carspot_project:carspot:1.1.5
Carspot Project » Carspot » Version: 1.1.6

cpe:2.3:a:carspot_project:carspot:1.1.6
Carspot Project » Carspot » Version: 1.1.7

cpe:2.3:a:carspot_project:carspot:1.1.7
Carspot Project » Carspot » Version: 2.0.0

cpe:2.3:a:carspot_project:carspot:2.0.0
Carspot Project » Carspot » Version: 2.0.1

cpe:2.3:a:carspot_project:carspot:2.0.1
Carspot Project » Carspot » Version: 2.0.2

cpe:2.3:a:carspot_project:carspot:2.0.2
Carspot Project » Carspot » Version: 2.0.3

cpe:2.3:a:carspot_project:carspot:2.0.3
Carspot Project » Carspot » Version: 2.0.4

cpe:2.3:a:carspot_project:carspot:2.0.4
Carspot Project » Carspot » Version: 2.0.5

cpe:2.3:a:carspot_project:carspot:2.0.5
Carspot Project » Carspot » Version: 2.0.6

cpe:2.3:a:carspot_project:carspot:2.0.6
Carspot Project » Carspot » Version: 2.0.7

cpe:2.3:a:carspot_project:carspot:2.0.7
Carspot Project » Carspot » Version: 2.0.8

cpe:2.3:a:carspot_project:carspot:2.0.8
Carspot Project » Carspot » Version: 2.0.9

cpe:2.3:a:carspot_project:carspot:2.0.9
Carspot Project » Carspot » Version: 2.1.0

cpe:2.3:a:carspot_project:carspot:2.1.0
Carspot Project » Carspot » Version: 2.1.1

cpe:2.3:a:carspot_project:carspot:2.1.1
Carspot Project » Carspot » Version: 2.1.2

cpe:2.3:a:carspot_project:carspot:2.1.2
Carspot Project » Carspot » Version: 2.1.3

cpe:2.3:a:carspot_project:carspot:2.1.3
Carspot Project » Carspot » Version: 2.1.4

cpe:2.3:a:carspot_project:carspot:2.1.4
Carspot Project » Carspot » Version: 2.1.5

cpe:2.3:a:carspot_project:carspot:2.1.5
Carspot Project » Carspot » Version: 2.1.6

cpe:2.3:a:carspot_project:carspot:2.1.6
Carspot Project » Carspot » Version: 2.1.7

cpe:2.3:a:carspot_project:carspot:2.1.7
Carspot Project » Carspot » Version: 2.1.8

cpe:2.3:a:carspot_project:carspot:2.1.8
Carspot Project » Carspot » Version: 2.1.9

cpe:2.3:a:carspot_project:carspot:2.1.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-12860

Products

Pricing

Contact Us