WordPress
Multiple Products
The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDe...
2025-12-12
Description
The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDealer_User::process_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.
AI Analyst Comment
Remediation
Update The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Contemporary Controls
PRODUCT: BASC 20T
AFFECTED_VERSIONS: See vendor advisory
CONFIDENCE: medium
MISSING: versions, patch
---END_METADATA---
Description Summary:
Contemporary Controls BASC 20T is susceptible to packet forgery attacks, allowing an attacker to execute arbitrary requests by sniffing and manipulating network traffic.
Executive Summary:
A critical vulnerability in the Contemporary Controls BASC 20T allows remote attackers to perform arbitrary requests by sniffing and forging network traffic, posing a severe risk to operational integrity.
Vulnerability Details
CVE-ID: CVE-2025-13926
Affected Software: Contemporary Controls BASC 20T
Affected Versions: See vendor advisory
Vulnerability: This vulnerability allows an attacker to conduct packet forgery by obtaining data through network sniffing. This facilitates the injection of arbitrary requests into the target system, potentially bypassing intended communication security.
Business Impact
With a CVSS score of 9.8, this vulnerability represents a critical threat to the availability and integrity of the BASC 20T device. Successful exploitation could allow an attacker to gain unauthorized control over the device, leading to service disruption or unauthorized operational commands. This could have significant downstream impacts on industrial or building automation systems.
Remediation Plan
Immediate Action: Contact the vendor or monitor the official Contemporary Controls security portal for available firmware updates addressing this packet forgery vulnerability.
Proactive Monitoring: Implement network traffic monitoring to detect unauthorized sniffing or anomalous packet patterns directed at the BASC 20T.
Compensating Controls: Isolate the affected devices on a restricted VLAN and employ encrypted communication protocols to prevent packet sniffing and forgery.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of Apr 9, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical CVSS severity, administrators should restrict network access to the BASC 20T immediately. Apply vendor-provided patches as soon as they become available to mitigate the risk of arbitrary request execution.