109 matches found
CVE-2026-13114
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112 due to insufficient input sanitization and output escaping. This makes it possibl...
CVE-2026-13114 Motors <= 1.4.112 - Unauthenticated Stored Cross-Site Scripting via Comment Content and User Biographical Info
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112 due to insufficient input sanitization and output escaping. This makes it possibl...
CVE-2026-13114
CVE-2026-13114 affects the Motors – Car Dealership & Classified Listings Plugin for WordPress, vulnerable to an unauthenticated Stored Cross-Site Scripting (XSS) via Comment Content and User Biographical Info in all versions up to 1.4.112. The flaw arises from insufficient input sanitization and ...
PT-2026-57376
Name of the Vulnerable Software and Affected Versions Motors – Car Dealership & Classified Listings Plugin versions prior to 1.4.113 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS. This occurs when arbitra...
CVE-2026-54828 WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Motors = 1.4.109 versions...
CVE-2026-54828
WordPress Motors plugin for WordPress, versions <= 1.4.109, has an unauthenticated Broken Access Control vulnerability. Affects Motors plugin core files/components on affected installs; CVSS 3.1 base score 7.5 (High) with network access, low attack complexity, no privileges required, no user i...
WordPress Motors Car Dealership & Classified Listings plugin < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media vulnerability
Unauthenticated Post-Meta Write via stmajaxaddacarmedia vulnerability discovered by Mustafa Ahmed in WordPress Plugin Motors versions 1.4.110...
CVE-2026-7859
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
CVE-2026-7859 Motors Car Dealership & Classified Listings < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
CVE-2026-54812
CVE-2026-54812 describes an SQL Injection in StylemixThemes Motors (WordPress plugin)
CVE-2026-54812 WordPress Motors plugin <= 1.4.109 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109...
WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by HaiND in WordPress Plugin Motors versions = 1.4.109...
CVE-2026-54814 WordPress Motors plugin <= 1.4.109 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109...
CVE-2026-39515 WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability
Subscriber Broken Access Control in Motors 1.4.107 versions...
CVE-2026-39515
The WordPress Motors plugin for WordPress, versions prior to 1.4.107, contains a Broken Access Control vulnerability that involves the Subscriber role. The issue enables unauthorized actions due to access control weaknesses in Motors
CVE-2026-3892
The Motors – Car Dealership & Classified Listings Plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to 1.4.107 due to insufficient file path validation in the become-dealer logo upload flow. An authenticated user with subscriber+ access can set an arbitrary filesyst...
CVE-2026-3892 Motors – Car Dealer, Classifieds & Listing <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion via 'stm_dealer_logo_path' Parameter
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...
EUVD-2026-30247
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...
PT-2026-40884
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...
EUVD-2026-29422
The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the stmsaveuserextrafields function updating sensitive user meta fields from POST data without verifyin...