CVE-2024-5545
published 2024-07-02CVE-2024-5545: The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the…
PriorityP431medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
EPSS
0.33%
24.7th percentile
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to unpublish arbitrary posts and pages.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stylemix | motors_car_dealership_classified_listings_plugin | <= 1.4.9 | — |
| stylemixthemes | motors_car_dealer_classifieds_listing | < 1.4.11 | 1.4.11 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3106579%40motors-car-dealership-classified-listings%2Ftrunk&old=3101090%40motors-car-dealership-classified-listings%2Ftrunk&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/62731e0e-8843-4f79-b887-c595fbefae26?source=cvehttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3106579%40motors-car-dealership-classified-listings%2Ftrunk&old=3101090%40motors-car-dealership-classified-listings%2Ftrunk&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/62731e0e-8843-4f79-b887-c595fbefae26?source=cve
2024-07-02
Published