Vulnerabilities and security researches formotors-car-dealership-classified-listings motors-car-dealership-classified-listings
Direction: ascendingJun 07, 2024
Motors – Car Dealer, Classifieds & Listing # CVE-2023-46207
- CVE, Research URL
- Application
- Date
- Nov 13, 2023
- Research Description
- Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing.This issue affects Motors – Car Dealer, Classifieds & Listing: from n/a through 1.4.6.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Motors – Car Dealer, Classifieds & Listing # CVE-2023-46208
- CVE, Research URL
- Application
- Date
- Oct 28, 2023
- Research Description
- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Motors – Car Dealer, Classifieds & Listing # CVE-2019-17228
- CVE, Research URL
- Application
- Date
- Feb 25, 2020
- Research Description
- includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated options changes.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Motors – Car Dealer, Classifieds & Listing # CVE-2022-38716
- CVE, Research URL
- Application
- Date
- May 25, 2023
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.4 versions.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Motors – Car Dealer, Classifieds & Listing # CVE-2022-3989
- CVE, Research URL
- Application
- Date
- Dec 12, 2022
- Research Description
- The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Motors – Car Dealer, Classifieds & Listing # CVE-2019-17229
- CVE, Research URL
- Application
- Date
- Feb 25, 2020
- Research Description
- includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jul 04, 2024
Motors – Car Dealer, Classifieds & Listing # CVE-2024-5545
- CVE, Research URL
- Application
- Date
- Jul 02, 2024
- Research Description
- The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to unpublish arbitrary posts and pages.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jan 17, 2025
Motors – Car Dealer, Classifieds & Listing # CVE-2024-10970
- CVE, Research URL
- Application
- Date
- Jan 16, 2025
- Research Description
- The The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Mar 24, 2025
Motors – Car Dealer, Classifieds & Listing # CVE-2024-13737
- CVE, Research URL
- Application
- Date
- Mar 22, 2025
- Research Description
- The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the motors_create_template and motors_delete_template functions in all versions up to, and including, 1.4.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts or create listing templates. This issue requires Elementor plugin to be installed, which is a required plugin for Motors Starter Theme.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Apr 06, 2025
Motors – Car Dealer, Classifieds & Listing # CVE-2025-32142
- CVE, Research URL
- Application
- Date
- Apr 04, 2025
- Research Description
- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.65.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Motors – Car Dealer, Classifieds & Listing # CVE-2025-32170
- CVE, Research URL
- Application
- Date
- Apr 04, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Motors allows Stored XSS. This issue affects Motors: from n/a through 1.4.65.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable