Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover

The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to chan...

Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated settings import/export

includes/options.php in the motors-car-dealership-classified-listings aka Motors - Car Dealer & Classified Ads plugin through 1.4.0 for WordPress allows unauthenticated options changes. id: CVE-2019-17228 info: name: Motors Car Dealer & Classified Ads = 1.4.0 - Unauthenticated settings...

WordPress Motors – Car Dealership & Classified Listings Plugin plugin <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin Motors versions = 1.4.107...

EUVD-2026-30247

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

CVE-2026-3892 Motors – Car Dealer, Classifieds & Listing <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion via 'stm_dealer_logo_path' Parameter

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

CVE-2026-3892 Motors – Car Dealer, Classifieds & Listing <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion via 'stm_dealer_logo_path' Parameter

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

CVE-2026-3892

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

CVE-2026-3892

The Motors – Car Dealership & Classified Listings Plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to 1.4.107 due to insufficient file path validation in the become-dealer logo upload flow. An authenticated user with subscriber+ access can set an arbitrary filesyst...

WordPress plugin Motors 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-40884

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

EUVD-2026-29422

The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the stmsaveuserextrafields function updating sensitive user meta fields from POST data without verifyin...

CVE-2026-1934 Motors – Car Dealership & Classified Listings Plugin <= 1.4.103 - Missing Authorization to Authenticated (Subscriber+) Payment Bypass via 'stm_payment_status' Parameter

The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the stmsaveuserextrafields function updating sensitive user meta fields from POST data without verifyin...

CVE-2026-1934

The CVE describes a flaw in the Motors – Car Dealership & Classified Listings WordPress plugin (versions

CVE-2026-1934 Motors – Car Dealership & Classified Listings Plugin <= 1.4.103 - Missing Authorization to Authenticated (Subscriber+) Payment Bypass via 'stm_payment_status' Parameter

The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the stmsaveuserextrafields function updating sensitive user meta fields from POST data without verifyin...

CVE-2026-1934

The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the stmsaveuserextrafields function updating sensitive user meta fields from POST data without verifyin...

WordPress plugin Motors – Car Dealership & Classified Listings 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress Motors – Car Dealership & Classified Listings Plugin plugin <= 1.4.103 - Missing Authorization to Authenticated (Subscriber+) Payment Bypass vulnerability

Missing Authorization to Authenticated Subscriber+ Payment Bypass vulnerability discovered by shrikant bhosale in WordPress Plugin Motors versions = 1.4.103...

WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Motors versions 1.4.107...

WordPress Motors - Car Dealer, Classifieds & Listing plugin <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template Creation vulnerability

WordPress Motors - Car Dealer, Classifieds & Listing plugin = 1.4.57 - Missing Authorization to Authenticated Subscriber+ Arbitrary Post Deletion and Listing Template Creation vulnerability discovered by Thanh Nam Tran in WordPress Plugin Motors versions = 1.4.57...

CVE-2025-64374

Unrestricted Upload of File with Dangerous Type vulnerability in StylemixThemes Motors motors allows Using Malicious Files.This issue affects Motors: from n/a through = 5.6.81...