High severity8.8NVD Advisory· Published Dec 12, 2022· Updated Jun 17, 2026
CVE-2022-3989
CVE-2022-3989
Description
The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/1bd20329-f3a5-466d-81b0-e4ff0ca32091nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.