Search
Search Results (6 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39515 | 2 Stylemix, Wordpress | 2 Motors, Wordpress | 2026-06-26 | 6.5 Medium |
| Subscriber Broken Access Control in Motors < 1.4.107 versions. | ||||
| CVE-2026-54828 | 2 Stylemix, Wordpress | 2 Motors, Wordpress | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in Motors <= 1.4.109 versions. | ||||
| CVE-2026-54814 | 2 Stylemix, Wordpress | 2 Motors, Wordpress | 2026-06-25 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109. | ||||
| CVE-2026-54812 | 2 Stylemix, Wordpress | 2 Motors, Wordpress | 2026-06-25 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109. | ||||
| CVE-2025-54691 | 2 Stylemix, Wordpress | 2 Motors, Wordpress | 2026-04-23 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motors: from n/a through <= 1.4.80. | ||||
| CVE-2025-10494 | 2 Stylemix, Wordpress | 2 Motors, Wordpress | 2026-04-22 | 8.1 High |
| The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures in all versions up to, and including, 1.4.89. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
Page 1 of 1.