CVE-2021-24375 Motor theme < 3.1.0 - Local File Inclusion

🗓️ 06 Jul 2021 11:03:26Reported by WPScanType

Motor theme < 3.1.0 - Local File Inclusion allows unauthenticated access to arbitrary server file

Reporter	Title	Published	Views	Family All 12
BDU FSTEC	The vulnerabilities of the implementations of functions based on the AJAX technology, such as motor_load_more(), motor_gallery_load_more(), motor_quick_view(), and motor_project_quick_view(), in the “Motor – Cars, Parts, Service, Equipments and Accessories” theme. This theme is part of the WooCommerce store and uses the WordPress content management system. These vulnerabilities allow an attacker to execute arbitrary PHP code or gain unauthorized access to protected information.	25 Aug 202100:00	–	bdu_fstec
CNNVD	WordPress 插件路径遍历漏洞	6 Jul 202100:00	–	cnnvd
CNVD	WordPress Motor theme license issue vulnerability	7 Jul 202100:00	–	cnvd
CVE	CVE-2021-24375	6 Jul 202111:03	–	cve
EUVD	EUVD-2021-11287	7 Oct 202500:30	–	euvd
NVD	CVE-2021-24375	6 Jul 202111:15	–	nvd
OSV	CVE-2021-24375	6 Jul 202111:15	–	osv
Patchstack	WordPress Motor premium theme <= 3.0 - Unauthenticated Local File Inclusion (LFI) vulnerability	9 Jun 202100:00	–	patchstack
Prion	Authentication flaw	6 Jul 202111:15	–	prion
RedhatCVE	CVE-2021-24375	22 May 202521:03	–	redhatcve

[
  {
    "product": "Motor",
    "vendor": "Stockware",
    "versions": [
      {
        "lessThan": "3.1.0",
        "status": "affected",
        "version": "3.1.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jetpack	www.jetpack.com/2021/06/09/motor-wordpress-theme-vulnerabilities/
wpscan	www.wpscan.com/vulnerability/d9518429-79d3-4b13-88ff-3722d05efa9f

06 Jul 2021 11:03Current

10High risk

Vulners AI Score10

EPSS0.02633

CWE-22