Vulnerabilities and security researches forcar-demon car-demon

Jun 16, 2026

CVE, Research URL: 3a62378f-414d-4216-ba93-268d823a2353
Home page URL: Security reports for Car Demon
Application: Car Demon
Date: -
Research Description: Car Demon [car-demon] <= 1.0.1 (unfixed + closed) Car Demon 1.0.1 - /wp-admin/edit.php Multiple Parameter XSS The Car Demon WordPress plugin was affected by a /wp-admin/edit.php Multiple Parameter XSS security vulnerability.
Affected versions: max 1.0.1.
Status: vulnerable

CVE, Research URL: a40013e7-1e0f-4615-8b3e-29ed2dd23b19
Home page URL: Security reports for Car Demon
Application: Car Demon
Date: -
Research Description: Car Demon [car-demon] <= 1.0.1 (unfixed + closed) Car Demon 1.0.1 - /wp-admin/post.php Multiple Parameter XSS The Car Demon WordPress plugin was affected by a /wp-admin/post.php Multiple Parameter XSS security vulnerability.
Affected versions: max 1.0.1.
Status: vulnerable

Jan 16, 2025

CVE, Research URL: CVE-2024-13334
Home page URL: Security reports for Car Demon
Application: Car Demon
Date: Jan 15, 2025
Research Description: The Car Demon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_condition' parameter in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 1.8.1.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: cb04f089d388d3de9950abc1f4156e86fbf7062b
Home page URL: Security reports for Car Demon
Application: Car Demon
Date: May 15, 2015
Research Description: Car Demon [car-demon] < 1.0.2 (closed) WordPress Car Demon Plugin <= 1.0.1 - Cross Site Scripting This plugin is prone to a /wp-admin/edit.php multiple parameter cross site scripting vulnerability. Update the plugin.
Affected versions: max 1.0.2.
Status: vulnerable