CVE Catalog

CVE-2026-27426

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

The Automotive Car Dealership Business plugin versions up to 13.3.3 contain an unauthenticated Cross Site Scripting (XSS) vulnerability. It allows an attacker to inject malicious script without authentication.

Risk Assessment

The risk includes potential session hijacking, redirection to malicious sites, or theft of sensitive data, which could compromise organizational security and reputation.

Recommendation

Immediately update the plugin to the latest available version that fixes this vulnerability. Also perform a security audit of the application.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS