CVE-2025-1282

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 27, 2025
Updated: Mar 11, 2025
CWE ID 22

Summary

CVE-2025-1282 is an arbitrary file deletion vulnerability in the Car Dealer Automotive WordPress Theme, affecting versions up to and including 1.6.3. The theme's delete_post_photo() and add_car() functions do not adequately validate the file path they operate on (CWE-22), so any authenticated user, including one holding only the Subscriber role, can delete arbitrary files on the server. Deleting a critical file such as wp-config.php makes remote code execution likely, because WordPress then falls back into its installation flow, where an attacker can point the site at a database under their control. The add_car() function may additionally allow arbitrary files to be read, potentially revealing sensitive information.
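The bug class described above, shown as an added example that is not the theme's code: a hypothetical WordPress AJAX photo-deletion handler in its vulnerable form, followed by a hardened version. The action names, function names and request parameters (demo_delete_photo, demo_path_is_within, photo, post_id, attachment_id) are assumptions chosen for the illustration, not identifiers from the affected theme.

```php
<?php
// HYPOTHETICAL vulnerable pattern (illustration only, not the theme's code):
// a path fragment from the request is joined onto the uploads directory and
// passed to unlink() with no containment check and no capability check, so
// any logged-in user reaches it (wp_ajax_* hooks run for every authenticated
// role, Subscribers included).
add_action('wp_ajax_demo_delete_photo_vulnerable', 'demo_delete_photo_vulnerable');
function demo_delete_photo_vulnerable() {
    $upload = wp_upload_dir();
    // A request such as photo=../../wp-config.php escapes basedir via "..".
    $target = $upload['basedir'] . '/' . $_POST['photo'];
    if (file_exists($target)) {
        unlink($target);
    }
    wp_send_json_success();
}

// Hardened version: the request names an attachment, never a path; the caller
// must be able to edit the listing the attachment belongs to; and the stored
// file path is still confined to the uploads directory before deletion.
add_action('wp_ajax_demo_delete_photo', 'demo_delete_photo_hardened');
function demo_delete_photo_hardened() {
    // 1. CSRF: the request must carry a nonce issued for this action.
    check_ajax_referer('demo_delete_photo', 'nonce');

    // 2. Authorization: edit_post on the listing. Subscribers fail this.
    $post_id       = absint($_POST['post_id'] ?? 0);
    $attachment_id = absint($_POST['attachment_id'] ?? 0);
    if (!$post_id || !$attachment_id || !current_user_can('edit_post', $post_id)) {
        wp_send_json_error('forbidden', 403); // wp_send_json_error() dies here
    }

    // 3. Object binding: the attachment must be a child of that listing,
    //    so a user cannot delete another listing's photos by guessing IDs.
    $attachment = get_post($attachment_id);
    if (!$attachment || 'attachment' !== $attachment->post_type
        || (int) $attachment->post_parent !== $post_id) {
        wp_send_json_error('not a photo of this listing', 403);
    }

    // 4. Defence in depth: even the path WordPress stores for the attachment
    //    must resolve inside wp-content/uploads before anything is removed.
    $file = get_attached_file($attachment_id);
    if (!is_string($file) || '' === $file
        || !demo_path_is_within($file, wp_upload_dir()['basedir'])) {
        wp_send_json_error('attachment path outside uploads', 400);
    }

    // Let WordPress remove the file, its resized copies and metadata together.
    wp_delete_attachment($attachment_id, true);
    wp_send_json_success();
}

// Canonicalise both sides with realpath() (which resolves ".." and symlinks),
// then require a prefix match that includes the trailing separator, so that
// "/var/www/uploads-evil/x" is not accepted as being inside "/var/www/uploads".
function demo_path_is_within($path, $base_dir) {
    $real_path = realpath($path);
    $real_base = realpath($base_dir);
    if (false === $real_path || false === $real_base) {
        return false; // non-existent target or base: refuse rather than guess
    }
    $real_path = wp_normalize_path($real_path);
    $real_base = rtrim(wp_normalize_path($real_base), '/') . '/';
    return 0 === strpos($real_path, $real_base);
}
```

The decisive change is the third step: a deletion endpoint that accepts an object ID and derives the path server-side has no traversal surface at all, while the realpath-based containment check in the last function is the fallback for code paths that must handle a filename.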

