CVE-2025-2808

Medium CVSS: 5.4

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Phone Number parameter in all versions up to, and including, 1.4.63 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor

Stylemixthemes

Product

Motors - Car Dealer\, Classifieds \& Listing

CWE

CWE-79

Yayın Tarihi

2025-04-08 10:15:18

Güncelleme

2025-08-08 19:52:54

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-79 Motors - Car Dealer\, Classifieds \& Listing MEDIUM Stylemixthemes 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/3262748/motors-car-dealership-classified-listings/trunk/includes/actions.php https://www.wordfence.com/threat-intel/vulnerabilities/id/90e420be-fe6e-4a35-9c06-f0d360c9f9bf?source=cve

Benzer Kayıtlar

Medium

CVE-2025-14757

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions…

Medium

CVE-2025-3437

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification…

High

CVE-2025-2807

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installa…

Medium

CVE-2024-13737

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data d…

High

CVE-2025-1653

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all ver…

High

CVE-2025-1657

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of da…