cleantalk
Vulnerabilities and Security Researches

Motors – Car Dealer, Classifieds & Listing, CVE-2025-2807

CVE, Research URL

CVE-2025-2807

Home page URL

Security reports for Motors – Car Dealer, Classifieds & Listing

Application

Motors – Car Dealer, Classifieds & Listing

Published on
Apr 08, 2025
Research Description
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins on the affected site's server which may make remote code execution possible.
Affected versions
Min -, max 1.4.65.
Status
vulnerable
Previous vulnerability researches
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity (CVE-2024-12544) , Mar 02, 2025
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity (CVE-2025-32256) , Apr 05, 2025
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity (CVE-2025-32167) , Apr 05, 2025
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity (CVE-2024-50427) , Oct 27, 2024
New vulnerability
WP-BusinessDirectory – Business directory plugin for WordPress (CVE-2025-32630) , Apr 18, 2025
WordPress WP-Advanced-Search (CVE-2025-39538) , Apr 18, 2025
Most And Least Read Posts Widget (CVE-2025-39549) , Apr 18, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-3487) , Apr 18, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-3479) , Apr 18, 2025