Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total9
Critical1
High1
Medium7
Reset
Showing 1-9 of 9 records
Threat Entry Updated 2025-04-07

CVE-2025-3105 - Listing Theme

The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator.

THEME Listing

CVE-2025-3105

HIGH CVSS 8.8 2025-04-04
Open Full Technical Breakdown
Threat Entry Updated 2025-03-27

CVE-2024-13737 - Listing Plugin

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the motors_create_template and motors_delete_template functions in all versions up to, and including, 1.4.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts or create listing templates. This issue requires Elementor plugin to be installed, which is a required plugin for Motors Starter Theme.

PLUGIN Listing

CVE-2024-13737

MEDIUM CVSS 4.3 2025-03-22
Open Full Technical Breakdown
Threat Entry Updated 2025-02-11

CVE-2025-0169 - Listing Theme

The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

THEME Listing

CVE-2025-0169

MEDIUM CVSS 6.4 2025-02-08
Open Full Technical Breakdown
Threat Entry Updated 2025-01-16

CVE-2025-0170 - Listing Theme

The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sort_by' and 'token' parameters. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

THEME Listing

CVE-2025-0170

MEDIUM CVSS 6.1 2025-01-16
Open Full Technical Breakdown
Threat Entry Updated 2025-08-08

CVE-2024-10970 - Listing Plugin

The The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.

PLUGIN Listing

CVE-2024-10970

MEDIUM CVSS 5.4 2025-01-16
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-5545 - Listing Plugin

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to unpublish arbitrary posts and pages.

PLUGIN Listing

CVE-2024-5545

MEDIUM CVSS 5.3 2024-07-02
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24321 - Listing Theme

The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and bt_bb_listing_field_my_lat parameters before using them in a SQL statement, leading to SQL Injection issues

THEME Listing

CVE-2021-24321

CRITICAL CVSS 9.8 2021-06-01
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24320 - Listing Theme

The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing page, leading to reflected Cross-Site Scripting issues.

THEME Listing

CVE-2021-24320

MEDIUM CVSS 6.1 2021-06-01
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24319 - Listing Theme

The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue

THEME Listing

CVE-2021-24319

MEDIUM CVSS 5.4 2021-06-01
Open Full Technical Breakdown
Scroll to top