CVE Catalog
CVE-2026-27426
HighCVSS 7.1Summary
The Automotive Car Dealership Business plugin versions up to 13.3.3 contain an unauthenticated Cross Site Scripting (XSS) vulnerability. It allows an attacker to inject malicious script without authentication.
Risk Assessment
The risk includes potential session hijacking, redirection to malicious sites, or theft of sensitive data, which could compromise organizational security and reputation.
Recommendation
Immediately update the plugin to the latest available version that fixes this vulnerability. Also perform a security audit of the application.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.

