CVE-2019-17228
published 2020-02-24


Priority P278 · medium · 6.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 1.15% (63.0th percentile)
includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated options changes.

Affected

1 range
Vendor: stylemixthemes
Product: motors_car_dealer_classifieds_listing
Version range: <= 1.4.0
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

path: includes/options.php
url: /?export_settings=1
command: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW ... Content-Disposition: form-data; name="import_settings"; filename="<random>.json"
  • Detect unauthenticated POST requests to WordPress root with multipart form-data containing the 'import_settings' field name — this triggers the unauthenticated options import in the Motors plugin.
  • Detect unauthenticated GET requests with the query parameter 'export_settings=1' to the WordPress root — this triggers unauthenticated settings export and returns a JSON file attachment (filename=file.json).
  • Successful exploitation of the export endpoint is confirmed by a response header containing 'filename=file.json' with HTTP 200 status.
  • Fingerprint vulnerable WordPress installations by searching for the plugin path string in page body: wp-content/plugins/motors-car-dealership-classified-listings/
  • The vulnerability affects only plugin versions up to and including 1.4.0; version 1.4.1 and later are patched.
  • The exploit requires two requests: first a multipart POST to import arbitrary settings, then a GET with export_settings=1 to confirm the injected values are reflected; both must succeed for full confirmation.
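The two request shapes listed above, turned into a small detector that can be run over captured HTTP requests. This is an added example, not code from the cbcvebase page or from the Motors plugin; the sample requests are constructed, and treating a `wordpress_logged_in_*` cookie as the marker of an authenticated session is an assumption of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample requests (not real traffic) matching the IOC shapes above.
IMPORT_REQ = (
    "POST / HTTP/1.1\r\nHost: shop.example\r\n"
    "Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryX\r\n\r\n"
    "------WebKitFormBoundaryX\r\n"
    'Content-Disposition: form-data; name="import_settings"; filename="a.json"\r\n'
    "Content-Type: application/json\r\n\r\n{}\r\n------WebKitFormBoundaryX--\r\n"
)
EXPORT_REQ = "GET /?export_settings=1 HTTP/1.1\r\nHost: shop.example\r\n\r\n"
BENIGN_REQ = "GET /?s=suv HTTP/1.1\r\nHost: shop.example\r\n\r\n"


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return method, target, headers, body


def is_authenticated(headers):
    # Assumption: a logged-in WordPress session carries a wordpress_logged_in_* cookie.
    return "wordpress_logged_in_" in headers.get("cookie", "")


def classify(raw):
    """Return a detection label for the two Motors request patterns, else None."""
    method, target, headers, body = parse_request(raw)
    parts = urlsplit(target)
    if parts.path != "/" or is_authenticated(headers):   # WordPress root, unauthenticated only
        return None
    ctype = headers.get("content-type", "")
    if method == "POST" and ctype.startswith("multipart/form-data"):
        if re.search(r'name="import_settings"', body):   # options import trigger
            return "motors-unauth-import"
    if method == "GET" and parse_qs(parts.query).get("export_settings") == ["1"]:
        return "motors-unauth-export"                     # settings export trigger
    return None


def export_succeeded(status, headers):
    """Confirms a successful export response: HTTP 200 with filename=file.json."""
    return status == 200 and "filename=file.json" in headers.get("content-disposition", "")
```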

CVSS provenance

nvd (v3.1): 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvd (v2.0): 6.4 MEDIUM, AV:N/AC:L/Au:N/C:P/I:P/A:N
vulncheck: 6.5 MEDIUM