Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Motors_\-_car_dealer\,_classifieds_\&_listing
(Stylemixthemes)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-07-02 | CVE-2024-5545 | The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to unpublish arbitrary posts and pages. | Motors_\-_car_dealer\,_classifieds_\&_listing | 5.3 | ||
| 2023-11-13 | CVE-2023-46207 | Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing.This issue affects Motors – Car Dealer, Classifieds & Listing: from n/a through 1.4.6. | Motors_\-_car_dealer\,_classifieds_\&_listing | 7.5 | ||
| 2022-12-12 | CVE-2022-3989 | The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload. | Motors_\-_car_dealer\,_classifieds_\&_listing | 8.8 | ||
| 2023-10-27 | CVE-2023-46208 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions. | Motors_\-_car_dealer\,_classifieds_\&_listing | 6.1 | ||
| 2023-05-25 | CVE-2022-38716 | Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.4 versions. | Motors_\-_car_dealer\,_classifieds_\&_listing | 8.8 | ||
| 2020-02-24 | CVE-2019-17229 | includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues. | Motors_\-_car_dealer\,_classifieds_\&_listing | N/A | ||
| 2020-02-24 | CVE-2019-17228 | includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated options changes. | Motors_\-_car_dealer\,_classifieds_\&_listing | N/A |