3 matches found
Exploit for Missing Authorization in Stylemixthemes Motors_-_Car_Dealer\,_Classifieds_\&_Listing
CVE-2025-2807: Motors Plugin Exploit By: Nxploited | Khal...
CVE-2025-2807
CVE-2025-2807 affects the Motors – Car Dealership & Classified Listings Plugin for WordPress. All versions up to 1.4.64 lack a capability check in mvl_setup_wizard_install_plugin(), allowing authenticated users with Subscriber+ privileges to install/activate arbitrary plugins on the vulnerable si...
CVE-2025-2807 Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvlsetupwizardinstallplugin function in all versions up to, and including, 1.4.64. This makes it possible for authenticated...