includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated options changes.
6.5CVSS
6.6AI Score
0.002EPSS
includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues.
6.1CVSS
6AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.4 versions.
8.8CVSS
8.8AI Score
0.001EPSS
The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uplo...
8.8CVSS
8.7AI Score
0.001EPSS
Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing.This issue affects Motors – Car Dealer, Classifieds & Listing: from n/a through 1.4.6.
7.5CVSS
7.7AI Score
0.001EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions.
7.1CVSS
6AI Score
0.0005EPSS
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to unpu...
5.3CVSS
5.2AI Score
0.0005EPSS