CVE-2026-54828

WordPress Motors plugin for WordPress, versions <= 1.4.109, has an unauthenticated Broken Access Control vulnerability. Affects Motors plugin core files/components on affected installs; CVSS 3.1 base score 7.5 (High) with network access, low attack complexity, no privileges required, no user i...

CVE-2026-54828 WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Motors = 1.4.109 versions...

CVE-2026-54812 WordPress Motors plugin <= 1.4.109 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109...

CVE-2026-54812

CVE-2026-54812 describes an SQL Injection in StylemixThemes Motors (WordPress plugin)

WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by HaiND in WordPress Plugin Motors versions = 1.4.109...

CVE-2026-39515 WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability

Subscriber Broken Access Control in Motors 1.4.107 versions...

CVE-2026-39515

The WordPress Motors plugin for WordPress, versions prior to 1.4.107, contains a Broken Access Control vulnerability that involves the Subscriber role. The issue enables unauthorized actions due to access control weaknesses in Motors

WordPress Motors – Car Dealership & Classified Listings Plugin plugin <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin Motors versions = 1.4.107...

WordPress Motors – Car Dealership & Classified Listings Plugin plugin <= 1.4.103 - Missing Authorization to Authenticated (Subscriber+) Payment Bypass vulnerability

Missing Authorization to Authenticated Subscriber+ Payment Bypass vulnerability discovered by shrikant bhosale in WordPress Plugin Motors versions = 1.4.103...

WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Motors versions 1.4.107...

WordPress Motors - Car Dealer, Classifieds & Listing plugin <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template Creation vulnerability

WordPress Motors - Car Dealer, Classifieds & Listing plugin = 1.4.57 - Missing Authorization to Authenticated Subscriber+ Arbitrary Post Deletion and Listing Template Creation vulnerability discovered by Thanh Nam Tran in WordPress Plugin Motors versions = 1.4.57...

CVE-2025-64374 WordPress Motors theme <= 5.6.81 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in StylemixThemes Motors motors allows Using Malicious Files.This issue affects Motors: from n/a through = 5.6.81...

CVE-2025-64374

CVE-2025-64374 affects the WordPress Motors theme (StylemixThemes Motors) at versions up to and including 5.6.81. The issue is an Unrestricted Upload of File with Dangerous Type vulnerability that could enable attackers to host or execute malicious files. Root cause: improper validation of upload...

CVE-2025-54691 WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80...

CVE-2025-54691 WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motors: from n/a through = 1.4.80...

CVE-2025-47586 WordPress Motors - Events plugin <= 1.4.7 - Unauthenticated Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Motors - Events stm-motors-events allows PHP Local File Inclusion.This issue affects Motors - Events: from n/a through = 1.4.7...

CVE-2025-47586 WordPress Motors - Events plugin <= 1.4.7 - Unauthenticated Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Motors - Events stm-motors-events allows PHP Local File Inclusion.This issue affects Motors - Events: from n/a through = 1.4.7...

📄 WordPress Motors 5.6.67 Privilege Escalation

WordPress Motors theme versions 5.6.67 and below suffer from a privilege escalation vulnerability that allows for account takeover. 🔐 CVE-2025-4322 – Motors = 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover 📌 Plugin Information - Plugin: Motors = 5.6.67 -...

CVE-2025-4322

The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to chan...

WordPress Motors Theme <= 5.6.67 is vulnerable to Privilege Escalation

Software Motors Type Theme Vulnerable versions = 5.6.67 Fixed in 5.6.68 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2025-4322 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f2c68f043bd9 Credits Foxyyy Required...