4 matches found
CVE-2022-3989
The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types such as .php in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the...
CVE-2022-3989
The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types such as .php in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the...
CVE-2022-3989 Motors - Car Dealer, Classifieds & Listing < 1.4.4 - Arbitrary File Upload
The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types such as .php in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the...
CVE-2022-3989
The Motors WordPress plugin is vulnerable in versions before 1.4.4 due to improper validation of uploaded files for dangerous types (e.g., .php) in an AJAX action. This can allow a user to sign up on a victim WordPress instance, upload PHP payloads, and potentially launch a brute‑force/credential...