cleantalk
Vulnerabilities and Security Researches

Motors – Car Dealer, Classifieds & Listing, CVE-2024-13737

CVE, Research URL

CVE-2024-13737

Home page URL

Security reports for Motors – Car Dealer, Classifieds & Listing

Application

Motors – Car Dealer, Classifieds & Listing

Published on
Mar 22, 2025
Research Description
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the motors_create_template and motors_delete_template functions in all versions up to, and including, 1.4.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts or create listing templates. This issue requires Elementor plugin to be installed, which is a required plugin for Motors Starter Theme.
Affected versions
Min -, max 1.4.58.
Status
vulnerable
Previous vulnerability researches
Motors – Car Dealer, Classifieds & Listing (CVE-2024-10970) , Jan 17, 2025
Motors – Car Dealer, Classifieds & Listing (CVE-2023-46207) , Jun 07, 2024
Motors – Car Dealer, Classifieds & Listing (CVE-2023-46208) , Jun 07, 2024
Motors – Car Dealer, Classifieds & Listing (CVE-2019-17228) , Jun 07, 2024
Motors – Car Dealer, Classifieds & Listing (CVE-2022-38716) , Jun 07, 2024
New vulnerability
Simple WP Events (CVE-2025-2004) , Apr 09, 2025
Advanced Advertising System (CVE-2025-3433) , Apr 09, 2025
Melhor Envio (CVE-2024-13820) , Apr 09, 2025
AAWP Obfuscator (CVE-2025-3432) , Apr 09, 2025
coreActivity: Activity Logging plugin for WordPress (CVE-2025-3436) , Apr 09, 2025