CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2 days ago•31 views

CVE-2026-7859 Motors Car Dealership & Classified Listings < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media

0.00117EPSS

Cvelist•added last week•31 views

CVE-2026-54812 WordPress Motors plugin <= 1.4.109 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109...

9.3CVSS0.00291EPSS

CVE•added last week•12 views

CVE-2026-54812

CVE-2026-54812 describes an SQL Injection in StylemixThemes Motors (WordPress plugin)

9.3CVSS5.6AI score0.00291EPSS

Cvelist•added last week•25 views

CVE-2026-54814 WordPress Motors plugin <= 1.4.109 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109...

8.1CVSS0.00337EPSS

Cvelist•added 2026/06/15 8:18 p.m.•23 views

CVE-2026-39515 WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability

Subscriber Broken Access Control in Motors 1.4.107 versions...

6.5CVSS0.00352EPSS

CVE•added 2026/06/15 8:18 p.m.•5 views

CVE-2026-39515

The WordPress Motors plugin for WordPress, versions prior to 1.4.107, contains a Broken Access Control vulnerability that involves the Subscriber role. The issue enables unauthorized actions due to access control weaknesses in Motors

6.5CVSS5.1AI score0.00352EPSS

EUVD•added 2026/05/14 6:44 a.m.•10 views

EUVD-2026-30247

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

Vulnrichment•added 2026/05/14 6:44 a.m.•5 views

Exploits0References2

CVE-2026-3892 Motors – Car Dealer, Classifieds & Listing <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion via 'stm_dealer_logo_path' Parameter

CVE•added 2026/05/14 6:44 a.m.•17 views

Exploits0References2

CVE-2026-3892

The Motors – Car Dealership & Classified Listings Plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to 1.4.107 due to insufficient file path validation in the become-dealer logo upload flow. An authenticated user with subscriber+ access can set an arbitrary filesyst...

Positive Technologies•added 2026/05/14 12:0 a.m.•8 views

Exploits0References2

PT-2026-40884

EUVD•added 2026/05/12 12:32 p.m.•20 views

Exploits0References3

EUVD-2026-29422

The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the stmsaveuserextrafields function updating sensitive user meta fields from POST data without verifyin...

Cvelist•added 2026/05/12 8:27 a.m.•58 views

Exploits0References7

CVE-2026-1934 Motors – Car Dealership & Classified Listings Plugin <= 1.4.103 - Missing Authorization to Authenticated (Subscriber+) Payment Bypass via 'stm_payment_status' Parameter

4.3CVSS0.00222EPSS

Exploits0References6

CVE•added 2026/05/12 8:27 a.m.•21 views

CVE-2026-1934

The CVE describes a flaw in the Motors – Car Dealership & Classified Listings WordPress plugin (versions

Vulnrichment•added 2026/05/12 8:27 a.m.•6 views

Exploits0References6

CVE-2026-1934 Motors – Car Dealership & Classified Listings Plugin <= 1.4.103 - Missing Authorization to Authenticated (Subscriber+) Payment Bypass via 'stm_payment_status' Parameter

CNNVD•added 2026/05/12 12:0 a.m.•6 views

Exploits0References6

WordPress plugin Motors – Car Dealership & Classified Listings 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Patchstack•added 2026/04/21 9:53 a.m.•4 views

WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Motors versions 1.4.107...

5.8AI score0.00352EPSS

Exploits0Affected Software1

Patchstack•added 2025/12/31 12:0 a.m.•2 views

WordPress Motors - Car Dealer, Classifieds & Listing plugin <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template Creation vulnerability

WordPress Motors - Car Dealer, Classifieds & Listing plugin = 1.4.57 - Missing Authorization to Authenticated Subscriber+ Arbitrary Post Deletion and Listing Template Creation vulnerability discovered by Thanh Nam Tran in WordPress Plugin Motors versions = 1.4.57...

4.3CVSS8.4AI score0.00288EPSS

Exploits0References1Affected Software1

CNNVD•added 2025/12/18 12:0 a.m.•3 views

WordPress plugin Motors 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

9.9CVSS6.8AI score0.00315EPSS