{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T18:33:11.431","vulnerabilities":[{"cve":{"id":"CVE-2024-12860","sourceIdentifier":"security@wordfence.com","published":"2025-02-18T09:15:08.660","lastModified":"2025-02-21T15:30:47.383","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account."},{"lang":"es","value":"El tema CarSpot – Dealership Wordpress Classified Theme para WordPress es vulnerable a la escalada de privilegios a través de la adquisición de la cuenta en todas las versiones hasta 2.4.3 incluida. Esto se debe al complemento que no valida correctamente un token antes de actualizar la contraseña de un usuario. Esto hace posible que los atacantes no autenticados cambien los administradores de Passwo incluida de los usuarios arbitrarios, y lo aprovechen para obtener acceso a su cuenta."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-620"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:carspot_project:carspot:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"2.4.4","matchCriteriaId":"7FBDA1A0-9DC8-4361-8EFC-AD99A9D2ECBE"}]}]}],"references":[{"url":"https://themeforest.net/item/carspot-automotive-car-dealer-wordpress-classified-theme/20195539","source":"security@wordfence.com","tags":["Product"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d1043dce-628f-485b-bc1c-b78938c2a6f5?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]}]}}]}