cleantalk
Vulnerabilities and Security Researches

Motors – Car Dealer, Classifieds & Listing, CVE-2024-5545

CVE, Research URL

CVE-2024-5545

Home page URL

Security reports for Motors – Car Dealer, Classifieds & Listing

Application

Motors – Car Dealer, Classifieds & Listing

Published on
Jul 02, 2024
Research Description
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to unpublish arbitrary posts and pages.
Affected versions
Min -, max 1.4.11.
Status
vulnerable
Previous vulnerability researches
Motors – Car Dealer, Classifieds & Listing (CVE-2024-10970) , Jan 17, 2025
Motors – Car Dealer, Classifieds & Listing (CVE-2023-46207) , Jun 07, 2024
Motors – Car Dealer, Classifieds & Listing (CVE-2023-46208) , Jun 07, 2024
Motors – Car Dealer, Classifieds & Listing (CVE-2019-17228) , Jun 07, 2024
Motors – Car Dealer, Classifieds & Listing (CVE-2022-38716) , Jun 07, 2024
New vulnerability
WPFront User Role Editor (CVE-2025-3064) , Apr 09, 2025
Simple WP Events (CVE-2025-2004) , Apr 09, 2025
Advanced Advertising System (CVE-2025-3433) , Apr 09, 2025
Melhor Envio (CVE-2024-13820) , Apr 09, 2025
AAWP Obfuscator (CVE-2025-3432) , Apr 09, 2025