CVE-2025-2807

High CVSS: 8.8

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins on the affected site's server which may make remote code execution possible.

Vendor

Stylemixthemes

Product

Motors - Car Dealer\, Classifieds \& Listing

CWE

CWE-862

Yayın Tarihi

2025-04-08 10:15:16

Güncelleme

2025-08-08 20:02:34

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 Motors - Car Dealer\, Classifieds \& Listing HIGH Stylemixthemes 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/3262748/motors-car-dealership-classified-listings/trunk/includes/admin/setup-wizard/includes/ajax_actions.php https://www.wordfence.com/threat-intel/vulnerabilities/id/733f7666-468a-455c-a953-3d8946940f13?source=cve

Benzer Kayıtlar

Medium

CVE-2025-14757

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions…

Medium

CVE-2025-3437

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification…

Medium

CVE-2025-2808

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripti…

Medium

CVE-2024-13737

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data d…

High

CVE-2025-1653

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all ver…

High

CVE-2025-1657

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of da…