WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Motors versions 1.4.107...

WordPress Motors - Car Dealer, Classifieds & Listing plugin <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template Creation vulnerability

WordPress Motors - Car Dealer, Classifieds & Listing plugin = 1.4.57 - Missing Authorization to Authenticated Subscriber+ Arbitrary Post Deletion and Listing Template Creation vulnerability discovered by Thanh Nam Tran in WordPress Plugin Motors versions = 1.4.57...

CVE-2025-54691 WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80...

CVE-2025-54691 WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motors: from n/a through = 1.4.80...

CVE-2025-47586 WordPress Motors - Events plugin <= 1.4.7 - Unauthenticated Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Motors - Events stm-motors-events allows PHP Local File Inclusion.This issue affects Motors - Events: from n/a through = 1.4.7...

CVE-2025-32654

CVE-2025-32654 affects Motors – Car Dealership & Classified Listings Plugin (WordPress) and is an unauthenticated Local File Inclusion (LFI) via improper control of the filename in PHP include/require. Affected versions are Motors

CVE-2025-32654 WordPress Motors plugin <= 1.4.71 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows PHP Local File Inclusion.This issue affects Motors: from n/a through = 1.4.71...

CVE-2025-2807

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvlsetupwizardinstallplugin function in all versions up to, and including, 1.4.64. This makes it possible for authenticated...

WordPress Motors plugin <= 1.4.71 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Motors versions = 1.4.71...

WordPress Motors plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Installation vulnerability discovered by mikemyers in WordPress Plugin Motors versions = 1.4.64...

WordPress Motors plugin <= 1.4.63 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by siavashvafshar in WordPress Plugin Motors versions = 1.4.63...

CVE-2025-32170

CVE-2025-32170 concerns the Motors – Car Dealership & Classified Listings WordPress plugin. The Connected Wordfence entry identifies an Authenticated Local File Inclusion (LFI) vulnerability affecting Motors versions up to 1.4.71, with patching applied in 1.4.71. The CVE description in the Initia...

CVE-2025-32170 WordPress Motors plugin <= 1.4.71 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Stored XSS.This issue affects Motors: from n/a through = 1.4.71...

CVE-2025-32142

CVE-2025-32142 affects Motors – Car Dealership & Classified Listings Plugin (WordPress). The vulnerability is an Improper Control of Filename for Include/Require in PHP (PHP Local File Inclusion) that enables LFI, with the issue described as part of Motors versions up to 1.4.65 in the initial ent...

CVE-2025-32142 WordPress Motors plugin <= 1.4.71 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows PHP Local File Inclusion.This issue affects Motors: from n/a through = 1.4.71...

WordPress Motors plugin <= 1.4.71 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Motors versions = 1.4.71...

WordPress plugin Motors 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Motors plugin <= 1.4.43 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Custom Title vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution via Custom Title vulnerability discovered by WordFence in WordPress Plugin Motors versions = 1.4.43...

WordPress Motors plugin <= 1.4.9 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Krzysztof Zając in WordPress Plugin Motors versions = 1.4.9...

WordPress plugin Motors security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...