cleantalk
Vulnerabilities and Security Researches

Motors – Car Dealer, Classifieds & Listing, CVE-2025-2807

CVE, Research URL

CVE-2025-2807

Home page URL

Security reports for Motors – Car Dealer, Classifieds & Listing

Application

Motors – Car Dealer, Classifieds & Listing

Published on
Apr 08, 2025
Research Description
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins on the affected site's server which may make remote code execution possible.
Affected versions
Min -, max 1.4.65.
Status
vulnerable
Previous vulnerability researches
SCSS WP Editor (CVE-2025-31808) , Apr 04, 2025
New vulnerability
WordPress WP-Advanced-Search (CVE-2025-39538) , Apr 18, 2025
Most And Least Read Posts Widget (CVE-2025-39549) , Apr 18, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-3487) , Apr 18, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-3479) , Apr 18, 2025
WPAdverts – Classifieds Plugin (CVE-2025-39576) , Apr 18, 2025