cleantalk
Vulnerabilities and Security Researches

Motors – Car Dealer, Classifieds & Listing, CVE-2025-3437

CVE, Research URL

CVE-2025-3437

Home page URL

Security reports for Motors – Car Dealer, Classifieds & Listing

Application

Motors – Car Dealer, Classifieds & Listing

Published on
Apr 08, 2025
Research Description
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the ajax_actions.php file in all versions up to, and including, 1.4.66. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute several initial set-up actions.
Affected versions
Min -, max 1.4.67.
Status
vulnerable
Previous vulnerability researches
Broadstreet (CVE-2025-32270) , Apr 05, 2025
Broadstreet (CVE-2025-32211) , Apr 10, 2025
Broadstreet (CVE-2024-11825) , Jan 27, 2025
New vulnerability
Integration for WooCommerce and QuickBooks (CVE-2025-39600) , Apr 18, 2025
GB Gallery Slideshow (CVE-2025-32649) , Apr 18, 2025
Question Answer (CVE-2025-32646) , Apr 18, 2025
PropertyHive (CVE-2025-39577) , Apr 18, 2025
WP-BusinessDirectory – Business directory plugin for WordPress (CVE-2025-32630) , Apr 18, 2025