CVE-2024-10970

Medium CVSS: 5.4

The The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.

Vendor

Stylemixthemes

Product

Motors - Car Dealer\, Classifieds \& Listing

CWE

CWE-94

Yayın Tarihi

2025-01-16 02:15:26

Güncelleme

2025-08-08 17:29:48

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-94 Motors - Car Dealer\, Classifieds \& Listing MEDIUM Stylemixthemes 2025

Referanslar

https://plugins.trac.wordpress.org/browser/motors-car-dealership-classified-listings/tags/1.4.42/includes/functions.php#L939 https://www.wordfence.com/threat-intel/vulnerabilities/id/fc58c679-3e87-4bcc-b1bc-718ae52c291a?source=cve

Benzer Kayıtlar

Medium

CVE-2025-14757

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions…

Medium

CVE-2025-3437

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification…

Medium

CVE-2025-2808

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripti…

High

CVE-2025-2807

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installa…

Medium

CVE-2024-13737

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data d…

High

CVE-2025-1653

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all ver…