Motors Car Dealer & Classified Ads < 1.4.1 - Multiple Issues



Description
- Unauthenticated plugin's settings import/export (leading to stored XSS)
- Authenticated settings import
- Unsanitised inputs
- Authenticated options change

Affects Plugin

References

CVE 2019-17228
CVE 2019-17229
URL https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-motors-car-dealer-classified-ads-plugin/

Classification

Type MULTI

Miscellaneous

Original Researcher Jerome Bruandet
Views 6521
Verified No
WPVDB ID 9884

Timeline

Publicly Published 2019-09-20 (8 months ago)
Added 2019-09-20 (8 months ago)
Last Updated 2020-02-25 (3 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin