Unrated severityNVD Advisory· Published Dec 12, 2022· Updated Apr 22, 2025
Motors - Car Dealer, Classifieds & Listing < 1.4.4 - Arbitrary File Upload
CVE-2022-3989
Description
The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- wpscan.com/vulnerability/1bd20329-f3a5-466d-81b0-e4ff0ca32091mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.