VYPR

Motors Car Dealership Classified Listings

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-10494HigOct 8, 2025
    risk 0.53cvss 8.1epss 0.00

    The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures in all versions up to, and including, 1.4.89. This makes it possible for authenticated…

  • CVE-2026-3892HigMay 14, 2026
    risk 0.46cvss 8.1epss 0.00

    The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any…

  • CVE-2025-32170MedApr 4, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Stored XSS.This issue affects Motors: from n/a through <= 1.4.71.

  • CVE-2026-1934MedMay 12, 2026
    risk 0.21cvss 4.3epss 0.00

    The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the stm_save_user_extra_fields() function updating sensitive user meta fields from…