Live Vulnerability Intelligence

Threat Database


Records: 3 (Critical 0, High 2, Medium 1), all for the Cardealer WordPress theme, all published 2025-02-28.
CVE-2025-1687 - Cardealer Theme: Cross-Site Request Forgery

Theme: Cardealer | Severity: High (CVSS 8.8) | Published: 2025-02-28 | Entry updated: 2025-02-28

The Cardealer theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.4. This is due to missing nonce validation on the 'update_user_profile' function. This makes it possible for unauthenticated attackers to update the user email and password via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. The attacker needs no account of their own: the forged request is submitted by the victim's browser and carries the victim's session cookies, so it runs with the victim's privileges, which is why the issue is classed as unauthenticated even though it requires user interaction.
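What the missing nonce check looks like, and what the fix looks like, as an added PHP example that is not the Cardealer theme's code: a hypothetical AJAX handler named update_user_profile in the shape the description implies, beside a hardened version and the form that feeds it. The action name, nonce names and form fields are assumptions; check_ajax_referer, wp_nonce_field, current_user_can and wp_update_user are WordPress core functions.

```php
<?php
// Added example, not the Cardealer theme's code. The action name, nonce names
// and form fields are assumptions chosen for illustration.

// ---- Vulnerable shape: no nonce, so a form on an attacker's site can POST
// this request from the victim's browser; the victim's cookies authenticate it.
function vulnerable_update_user_profile() {
    $user = wp_get_current_user();
    if ( ! $user->exists() ) {
        wp_send_json_error( 'not logged in', 401 );
    }
    wp_update_user( array(
        'ID'         => $user->ID,
        'user_email' => $_POST['user_email'],
        'user_pass'  => $_POST['user_pass'],
    ) );
    wp_send_json_success();
}

// ---- Hardened: the form embeds a nonce bound to this action and to the
// current user's session; the handler refuses requests that lack a valid one.
function cardealer_profile_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-ajax.php' ) ); ?>">
        <?php wp_nonce_field( 'cardealer_update_profile', 'cardealer_nonce' ); ?>
        <input type="hidden" name="action" value="update_user_profile">
        <input type="email" name="user_email">
        <input type="password" name="user_pass" autocomplete="new-password">
        <button type="submit">Save</button>
    </form>
    <?php
}

function hardened_update_user_profile() {
    // Stops the request with HTTP 403 if the nonce is absent, expired, or
    // minted for a different action or user. This is the CSRF fix.
    check_ajax_referer( 'cardealer_update_profile', 'cardealer_nonce' );

    // A nonce proves intent, not authority: still enforce the capability.
    $user_id = get_current_user_id();
    if ( ! $user_id || ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $email = isset( $_POST['user_email'] ) ? sanitize_email( wp_unslash( $_POST['user_email'] ) ) : '';
    if ( ! is_email( $email ) ) {
        wp_send_json_error( 'invalid email', 400 );
    }

    $data = array( 'ID' => $user_id, 'user_email' => $email );
    if ( ! empty( $_POST['user_pass'] ) ) {
        $data['user_pass'] = (string) wp_unslash( $_POST['user_pass'] ); // passwords are never sanitized
    }

    $result = wp_update_user( $data );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 400 );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_update_user_profile', 'hardened_update_user_profile' );
```

A WordPress nonce is derived from the action string, the user's session token and a time tick, and stays valid for 12 to 24 hours, so a page on another origin cannot produce one for the victim. It is an intent check, not an authorization check: the current_user_can( 'edit_user', $user_id ) line is what keeps the handler safe if it is later changed to accept a target user ID from the request.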
CVE-2025-1682 - Cardealer Theme: Privilege Escalation

Theme: Cardealer | Severity: High (CVSS 8.8) | Published: 2025-02-28 | Entry updated: 2025-02-28

The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to a missing capability check on the 'save_settings' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the default user role. Because WordPress assigns the default role to every newly registered account, an attacker who sets it to administrator can obtain an administrator account through the site's own registration flow where registration is open, or from the next account that is created.
CVE-2025-1681 - Cardealer Theme: Arbitrary File Modification and Deletion

Theme: Cardealer | Severity: Medium (CVSS 5.4) | Published: 2025-02-28 | Entry updated: 2025-02-28

The Cardealer theme for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check and missing filename sanitization on the demo theme scheme AJAX functions in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to change or delete arbitrary .css and .js files. Two separate defects combine here: the missing capability check lets any logged-in user reach handlers that should be limited to users allowed to edit the theme, and the missing filename sanitization lets the supplied name point at files outside the intended scheme files, so a fix has to address both.
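For CVE-2025-1682 and CVE-2025-1681 above, an added PHP example that is not the Cardealer theme's code: hypothetical AJAX handlers in the two vulnerable shapes the descriptions give, each beside a hardened version. The first writes the default role without a capability check; the second writes or deletes a CSS/JS file named by the request without a capability check or filename sanitization. Hook names, request fields and the css/schemes directory are assumptions; current_user_can, check_ajax_referer, sanitize_file_name, sanitize_key, get_role and update_option are WordPress core functions.

```php
<?php
// Added example, not the Cardealer theme's code. Hook names, request fields
// and the scheme directory are assumptions chosen for illustration.

// ---- CVE-2025-1682 shape: wp_ajax_* hooks fire for any logged-in user, so a
// handler that never calls current_user_can() lets a subscriber change settings.
function vulnerable_save_settings() {
    update_option( 'default_role', $_POST['default_role'] ); // role given to every new registration
    wp_send_json_success();
}

function hardened_save_settings() {
    check_ajax_referer( 'cardealer_settings', 'nonce' );    // CSRF protection
    if ( ! current_user_can( 'manage_options' ) ) {         // authorization: administrators only
        wp_send_json_error( 'forbidden', 403 );
    }
    $role = isset( $_POST['default_role'] ) ? sanitize_key( wp_unslash( $_POST['default_role'] ) ) : '';
    // Accept only a role that exists, and never let this path hand out administrator.
    if ( 'administrator' === $role || null === get_role( $role ) ) {
        wp_send_json_error( 'invalid role', 400 );
    }
    update_option( 'default_role', $role );
    wp_send_json_success();
}
add_action( 'wp_ajax_cardealer_save_settings', 'hardened_save_settings' );

// ---- CVE-2025-1681 shape: no capability check, and the raw name is joined to
// a path, so "../../plugins/x/y.js" reaches outside the scheme directory.
function vulnerable_delete_scheme() {
    unlink( get_template_directory() . '/css/schemes/' . $_POST['filename'] );
    wp_send_json_success();
}

/**
 * Map a request-supplied name to a path that is a plain .css or .js file
 * directly inside $base_dir. Returns false on any doubt.
 */
function cardealer_scheme_path( $filename, $base_dir, $must_exist ) {
    $name = sanitize_file_name( wp_unslash( (string) $filename ) ); // drops slashes, NUL, leading dots
    if ( '' === $name || $name !== basename( $name ) ) {
        return false;
    }
    $ext = strtolower( pathinfo( $name, PATHINFO_EXTENSION ) );
    if ( ! in_array( $ext, array( 'css', 'js' ), true ) ) {
        return false;
    }
    $base = realpath( $base_dir );
    if ( false === $base ) {
        return false;
    }
    $path = $base . DIRECTORY_SEPARATOR . $name;
    $real = realpath( $path );
    if ( false === $real ) {
        return $must_exist ? false : $path;   // new file: the name is already confined
    }
    // Existing file: a symlink must not resolve outside the scheme directory.
    return ( dirname( $real ) === $base ) ? $real : false;
}

function hardened_save_scheme() {
    check_ajax_referer( 'cardealer_scheme', 'nonce' );
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $dir  = get_template_directory() . '/css/schemes';
    $path = cardealer_scheme_path( $_POST['filename'] ?? '', $dir, false );
    if ( false === $path ) {
        wp_send_json_error( 'bad filename', 400 );
    }
    $body = isset( $_POST['content'] ) ? (string) wp_unslash( $_POST['content'] ) : '';
    if ( false === file_put_contents( $path, $body, LOCK_EX ) ) {
        wp_send_json_error( 'write failed', 500 );
    }
    wp_send_json_success( basename( $path ) ); // report the name actually used after sanitizing
}
add_action( 'wp_ajax_cardealer_save_scheme', 'hardened_save_scheme' );

function hardened_delete_scheme() {
    check_ajax_referer( 'cardealer_scheme', 'nonce' );
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $dir  = get_template_directory() . '/css/schemes';
    $path = cardealer_scheme_path( $_POST['filename'] ?? '', $dir, true );
    if ( false === $path || ! unlink( $path ) ) {
        wp_send_json_error( 'bad filename', 400 );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_cardealer_delete_scheme', 'hardened_delete_scheme' );
```

Two caveats for anyone reviewing a fix like this. A capability check and a nonce check are different controls and both are needed: the nonce stops a forged cross-site request, the capability check stops a low-privilege account that can make the request itself, which is the CVE-2025-1682 and CVE-2025-1681 case. And even the hardened scheme handler lets a user with edit_theme_options write JavaScript that every visitor executes, the same trust level as the built-in theme editor, so a site that sets DISALLOW_FILE_EDIT should expect such handlers to refuse as well.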