Stylemixthemes Motors Car Dealer Classifieds Listing vulnerabilities
12 known vulnerabilities affecting stylemixthemes/motors_car_dealer_classifieds_listing.
Total CVEs
12
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH4MEDIUM8
Vulnerabilities
Page 1 of 1
CVE-2019-17228P2MEDIUMCVSS 6.5ExploitedPoC≤ 1.4.02020-02-24
CVE-2019-17228 [MEDIUM] CWE-345 CVE-2019-17228: includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Cla
includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated options changes.
nvd
CVE-2025-2807P2HIGHCVSS 8.8fixed in 1.4.652025-04-08
CVE-2025-2807 [HIGH] CWE-862 CVE-2025-2807: The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbit
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inst
nvd
CVE-2022-3989P3HIGHCVSS 8.8fixed in 1.4.42022-12-12
CVE-2022-3989 [HIGH] CWE-434 CVE-2022-3989: The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous fil
The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload.
nvd
CVE-2023-46207P3HIGHCVSS 7.5≤ 1.4.62023-11-13
CVE-2023-46207 [HIGH] CWE-918 CVE-2023-46207: Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds
Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing.This issue affects Motors – Car Dealer, Classifieds & Listing: from n/a through 1.4.6.
nvd
CVE-2022-38716P4HIGHCVSS 8.8≤ 1.4.42023-05-25
CVE-2022-38716 [HIGH] CWE-352 CVE-2022-38716: Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds &
Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.4 versions.
nvd
CVE-2024-10970P4MEDIUMCVSS 5.4fixed in 1.4.442025-01-16
CVE-2024-10970 [MEDIUM] CWE-94 CVE-2024-10970: The The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary s
The The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, wi
nvd
CVE-2024-5545P4MEDIUMCVSS 5.3fixed in 1.4.112024-07-02
CVE-2024-5545 [MEDIUM] CWE-862 CVE-2024-5545: The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized mo
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to unpublish arbitrary posts and pages.
nvd
CVE-2019-17229P4MEDIUMCVSS 6.1≤ 1.4.02020-02-24
CVE-2019-17229 [MEDIUM] CWE-79 CVE-2019-17229: includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Cla
includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues.
nvd
CVE-2025-2808P4MEDIUMCVSS 5.4fixed in 1.4.642025-04-08
CVE-2025-2808 [MEDIUM] CWE-79 CVE-2025-2808: The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Store
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Phone Number parameter in all versions up to, and including, 1.4.63 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to
nvd
CVE-2024-13737P4MEDIUMCVSS 4.3fixed in 1.4.582025-03-22
CVE-2024-13737 [MEDIUM] CWE-862 CVE-2024-13737: The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized mo
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the motors_create_template and motors_delete_template functions in all versions up to, and including, 1.4.57. This makes it possible for authenticated attackers, with Subscriber-level access and
nvd
CVE-2023-46208P4MEDIUMCVSS 6.1≤ 1.4.62023-10-27
CVE-2023-46208 [MEDIUM] CWE-79 CVE-2023-46208: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Cl
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions.
nvd
CVE-2025-3437P4MEDIUMCVSS 4.3fixed in 1.4.672025-04-08
CVE-2025-3437 [MEDIUM] CWE-862 CVE-2025-3437: The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unaut
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the ajax_actions.php file in all versions up to, and including, 1.4.66. This makes it possible for authenticated attackers, with Subscriber-level access and above, to
nvd