{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T12:19:44.783","vulnerabilities":[{"cve":{"id":"CVE-2025-1681","sourceIdentifier":"security@wordfence.com","published":"2025-02-28T00:15:35.950","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Cardealer theme for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check and missing filename sanitization on the demo theme scheme AJAX functions in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to change or delete arbitrary css and js files."},{"lang":"es","value":"El tema Cardealer para WordPress es vulnerable a la modificación no autorizada de datos y a la pérdida de datos debido a la falta de una verificación de capacidad y de una depuración de nombres de archivo en las funciones AJAX del esquema del tema de demostración en versiones hasta la 1.6.4 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor o superior, cambien o eliminen archivos CSS y JS arbitrarios."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://themeforest.net/item/car-dealer-automotive-wordpress-theme-responsive/8574708","source":"security@wordfence.com"},{"url":"https://webtemplatemasters.com/cardealer/changelog/#v165","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3e394ee2-13c1-4b04-a8a5-4642f1794d59?source=cve","source":"security@wordfence.com"}]}}]}