CVE-2026-54828

WordPress Motors plugin for WordPress, versions <= 1.4.109, has an unauthenticated Broken Access Control vulnerability. Affects Motors plugin core files/components on affected installs; CVSS 3.1 base score 7.5 (High) with network access, low attack complexity, no privileges required, no user i...

CVE-2026-54828 WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Motors = 1.4.109 versions...

CVE-2026-54812 WordPress Motors plugin <= 1.4.109 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109...

CVE-2026-54812

CVE-2026-54812 describes an SQL Injection in StylemixThemes Motors (WordPress plugin)

WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by HaiND in WordPress Plugin Motors versions = 1.4.109...

CVE-2026-39515 WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability

Subscriber Broken Access Control in Motors 1.4.107 versions...

CVE-2026-39515

The WordPress Motors plugin for WordPress, versions prior to 1.4.107, contains a Broken Access Control vulnerability that involves the Subscriber role. The issue enables unauthorized actions due to access control weaknesses in Motors

WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Motors versions 1.4.107...

WordPress Motors - Car Dealer, Classifieds & Listing plugin <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template Creation vulnerability

WordPress Motors - Car Dealer, Classifieds & Listing plugin = 1.4.57 - Missing Authorization to Authenticated Subscriber+ Arbitrary Post Deletion and Listing Template Creation vulnerability discovered by Thanh Nam Tran in WordPress Plugin Motors versions = 1.4.57...

CVE-2025-54691 WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80...

CVE-2025-54691 WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motors: from n/a through = 1.4.80...

CVE-2025-47586 WordPress Motors - Events plugin <= 1.4.7 - Unauthenticated Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Motors - Events stm-motors-events allows PHP Local File Inclusion.This issue affects Motors - Events: from n/a through = 1.4.7...

CVE-2025-32654

CVE-2025-32654 affects Motors – Car Dealership & Classified Listings Plugin (WordPress) and is an unauthenticated Local File Inclusion (LFI) via improper control of the filename in PHP include/require. Affected versions are Motors

CVE-2025-32654 WordPress Motors plugin <= 1.4.71 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows PHP Local File Inclusion.This issue affects Motors: from n/a through = 1.4.71...

CVE-2025-2807

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvlsetupwizardinstallplugin function in all versions up to, and including, 1.4.64. This makes it possible for authenticated...

WordPress Motors plugin <= 1.4.71 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Motors versions = 1.4.71...

WordPress Motors plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Installation vulnerability discovered by mikemyers in WordPress Plugin Motors versions = 1.4.64...

WordPress Motors plugin <= 1.4.63 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by siavashvafshar in WordPress Plugin Motors versions = 1.4.63...

CVE-2025-32170 WordPress Motors plugin <= 1.4.71 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Stored XSS.This issue affects Motors: from n/a through = 1.4.71...

CVE-2025-32170

CVE-2025-32170 concerns the Motors – Car Dealership & Classified Listings WordPress plugin. The Connected Wordfence entry identifies an Authenticated Local File Inclusion (LFI) vulnerability affecting Motors versions up to 1.4.71, with patching applied in 1.4.71. The CVE description in the Initia...