Lucene search
K

109 matches found

NVD
NVD
added 3 days ago5 views

CVE-2026-13114

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112 due to insufficient input sanitization and output escaping. This makes it possibl...

7.2CVSS0.00247EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-13114 Motors <= 1.4.112 - Unauthenticated Stored Cross-Site Scripting via Comment Content and User Biographical Info

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112 due to insufficient input sanitization and output escaping. This makes it possibl...

7.2CVSS0.00247EPSS
Exploits0References8
CVE
CVE
added 3 days ago13 views

CVE-2026-13114

CVE-2026-13114 affects the Motors – Car Dealership & Classified Listings Plugin for WordPress, vulnerable to an unauthenticated Stored Cross-Site Scripting (XSS) via Comment Content and User Biographical Info in all versions up to 1.4.112. The flaw arises from insufficient input sanitization and ...

7.2CVSS6.2AI score0.00247EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 3 days ago10 views

PT-2026-57376

Name of the Vulnerable Software and Affected Versions Motors – Car Dealership & Classified Listings Plugin versions prior to 1.4.113 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS. This occurs when arbitra...

7.2CVSS6.2AI score0.00247EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/25 1:12 p.m.29 views

CVE-2026-54828 WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Motors = 1.4.109 versions...

7.5CVSS0.00238EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.17 views

CVE-2026-54828

WordPress Motors plugin for WordPress, versions &lt;= 1.4.109, has an unauthenticated Broken Access Control vulnerability. Affects Motors plugin core files/components on affected installs; CVSS 3.1 base score 7.5 (High) with network access, low attack complexity, no privileges required, no user i...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/22 8:45 a.m.12 views

WordPress Motors Car Dealership & Classified Listings plugin < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media vulnerability

Unauthenticated Post-Meta Write via stmajaxaddacarmedia vulnerability discovered by Mustafa Ahmed in WordPress Plugin Motors versions 1.4.110...

5.3CVSS5.8AI score0.00117EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 6:0 a.m.5 views

CVE-2026-7859

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...

5.3CVSS6AI score0.00117EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 6:0 a.m.34 views

CVE-2026-7859 Motors Car Dealership & Classified Listings < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...

0.00117EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 2:24 p.m.16 views

CVE-2026-54812

CVE-2026-54812 describes an SQL Injection in StylemixThemes Motors (WordPress plugin)

9.3CVSS5.6AI score0.00291EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 2:24 p.m.34 views

CVE-2026-54812 WordPress Motors plugin <= 1.4.109 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109...

9.3CVSS0.00291EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/17 1:59 p.m.8 views

WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by HaiND in WordPress Plugin Motors versions = 1.4.109...

7.5CVSS5.8AI score0.00238EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/17 1:41 p.m.31 views

CVE-2026-54814 WordPress Motors plugin <= 1.4.109 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109...

8.1CVSS0.00337EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.27 views

CVE-2026-39515 WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability

Subscriber Broken Access Control in Motors 1.4.107 versions...

6.5CVSS0.00352EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.11 views

CVE-2026-39515

The WordPress Motors plugin for WordPress, versions prior to 1.4.107, contains a Broken Access Control vulnerability that involves the Subscriber role. The issue enables unauthorized actions due to access control weaknesses in Motors

6.5CVSS5.1AI score0.00352EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 6:44 a.m.21 views

CVE-2026-3892

The Motors – Car Dealership & Classified Listings Plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to 1.4.107 due to insufficient file path validation in the become-dealer logo upload flow. An authenticated user with subscriber+ access can set an arbitrary filesyst...

8.1CVSS5.9AI score0.00256EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 6:44 a.m.8 views

CVE-2026-3892 Motors – Car Dealer, Classifieds & Listing <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion via 'stm_dealer_logo_path' Parameter

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

8.1CVSS5.9AI score0.00256EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 6:44 a.m.15 views

EUVD-2026-30247

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

8.1CVSS5.9AI score0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.17 views

PT-2026-40884

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

8.1CVSS5.9AI score0.00256EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 12:32 p.m.23 views

EUVD-2026-29422

The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the stmsaveuserextrafields function updating sensitive user meta fields from POST data without verifyin...

4.3CVSS5.8AI score0.00222EPSS
Exploits0References7
Rows per page
Query Builder