Lucene search
+L

370 matches found

nuclei
nuclei
added yesterday11 views

Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated settings import/export

includes/options.php in the motors-car-dealership-classified-listings aka Motors - Car Dealer & Classified Ads plugin through 1.4.0 for WordPress allows unauthenticated options changes. id: CVE-2019-17228 info: name: Motors Car Dealer & Classified Ads = 1.4.0 - Unauthenticated settings...

6.5CVSS6.6AI score0.01153EPSS
Exploits1References4
nuclei
nuclei
added yesterday93 views

Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover

The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to chan...

9.8CVSS7.2AI score0.18241EPSS
Exploits3References4
nvd
nvd
added 5 days ago5 views

CVE-2026-13114

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112 due to insufficient input sanitization and output escaping. This makes it possibl...

7.2CVSS0.00247EPSS
Exploits0References8
cve
cve
added 5 days ago13 views

CVE-2026-13114

CVE-2026-13114 affects the Motors – Car Dealership & Classified Listings Plugin for WordPress, vulnerable to an unauthenticated Stored Cross-Site Scripting (XSS) via Comment Content and User Biographical Info in all versions up to 1.4.112. The flaw arises from insufficient input sanitization and ...

7.2CVSS6.2AI score0.00247EPSS
Exploits0References8
cvelist
cvelist
added 5 days ago34 views

CVE-2026-13114 Motors <= 1.4.112 - Unauthenticated Stored Cross-Site Scripting via Comment Content and User Biographical Info

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112 due to insufficient input sanitization and output escaping. This makes it possibl...

7.2CVSS0.00247EPSS
Exploits0References8
ptsecurity
ptsecurity
added 5 days ago10 views

PT-2026-57376

Name of the Vulnerable Software and Affected Versions Motors – Car Dealership & Classified Listings Plugin versions prior to 1.4.113 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS. This occurs when arbitra...

7.2CVSS6.2AI score0.00247EPSS
Exploits0References12
nvd
nvd
added 2026/07/02 12:17 p.m.5 views

CVE-2026-27433

Unauthenticated Broken Access Control in Motors = 5.6.80 versions...

6.5CVSS0.00253EPSS
Exploits0References1
euvd
euvd
added 2026/07/02 11:14 a.m.7 views

EUVD-2026-41337

Unauthenticated Broken Access Control in Motors = 5.6.80 versions...

6.5CVSS5.8AI score0.00253EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/02 11:14 a.m.36 views

CVE-2026-27433 WordPress Motors theme <= 5.6.80 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Motors = 5.6.80 versions...

6.5CVSS0.00253EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/02 11:14 a.m.9 views

CVE-2026-27433

Unauthenticated Broken Access Control in Motors = 5.6.80 versions...

6.5CVSS5.8AI score0.00253EPSS
Exploits0References2
cve
cve
added 2026/07/02 11:14 a.m.16 views

CVE-2026-27433

The CVE concerns the WordPress Motors theme (

6.5CVSS5.8AI score0.00253EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/07/02 12:0 a.m.21 views

PT-2026-54981

Name of the Vulnerable Software and Affected Versions Motors versions prior to 5.6.81 Description An unauthenticated broken access control issue exists, allowing unauthorized users to bypass access restrictions. Recommendations Update to a version newer than 5.6.80...

6.5CVSS5.9AI score0.00253EPSS
Exploits0References4
patchstack
patchstack
added 2026/06/30 7:4 p.m.6 views

WordPress Motors – Car Dealership & Classified Listings Plugin plugin <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Meta Modification vulnerability discovered by Michael Perla vizen5 - clixhouse in WordPress Plugin Motors versions = 1.4.111...

4.3CVSS5.8AI score0.00232EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2026/06/30 1:2 p.m.6 views

WordPress Motors theme <= 5.6.80 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad in WordPress Theme Motors versions = 5.6.80...

6.5CVSS5.8AI score0.00253EPSS
Exploits0Affected Software1
cvelist
cvelist
added 2026/06/25 1:12 p.m.29 views

CVE-2026-54828 WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Motors = 1.4.109 versions...

7.5CVSS0.00238EPSS
Exploits0References1
euvd
euvd
added 2026/06/25 1:12 p.m.8 views

EUVD-2026-39366

Unauthenticated Broken Access Control in Motors = 1.4.109 versions...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References1
cve
cve
added 2026/06/25 1:12 p.m.19 views

CVE-2026-54828

WordPress Motors plugin for WordPress, versions &lt;= 1.4.109, has an unauthenticated Broken Access Control vulnerability. Affects Motors plugin core files/components on affected installs; CVSS 3.1 base score 7.5 (High) with network access, low attack complexity, no privileges required, no user i...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References1
patchstack
patchstack
added 2026/06/22 8:45 a.m.12 views

WordPress Motors Car Dealership & Classified Listings plugin < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media vulnerability

Unauthenticated Post-Meta Write via stmajaxaddacarmedia vulnerability discovered by Mustafa Ahmed in WordPress Plugin Motors versions 1.4.110...

5.3CVSS5.8AI score0.00117EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/06/22 6:0 a.m.34 views

CVE-2026-7859 Motors Car Dealership & Classified Listings < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...

0.00117EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/22 6:0 a.m.6 views

CVE-2026-7859

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...

5.3CVSS6AI score0.00117EPSS
Exploits0References1
Rows per page
Query Builder