CVE-2022-3989

Published: Dec 12, 2022Modified: Apr 22, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload.

Affected (1)

Products: Stylemixthemes: Motors Car Dealer, Classifieds & Listing

Stylemixthemes

1 product

Motors Car Dealer, Classifieds & Listing

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Stylemixthemes Motors Car Dealer, Classifieds & Listing	Before 1.4.4

References (2)

https://wpscan.com/vulnerability/1bd20329-f3a5-466d-81b0-e4ff0ca32091

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/1bd20329-f3a5-466d-81b0-e4ff0ca32091

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.