Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 17 known issues Latest disclosed Oct 07, 2025

Motors – Car Dealership & Classified Listings Plugin Vulnerabilities

Q: Which Motors – Car Dealership & Classified Listings Plugin CVEs are tracked?

Motors – Car Dealership & Classified Listings Plugin tracked CVEs include CVE-2025-32654, CVE-2022-3989, CVE-2025-2807, CVE-2025-32142, and CVE-2025-10494.

Q: How many Motors – Car Dealership & Classified Listings Plugin vulnerabilities have patch guidance?

17 of 17 tracked Motors – Car Dealership & Classified Listings Plugin records include a published patch path.

Review known vulnerability records for the WordPress plugin Motors – Car Dealership & Classified Listings Plugin (`motors-car-dealership-classified-listings`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-10494, CVE-2025-54691 and CVE-2025-32654, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Oct 08, 2025

Priority CVE Quick Links

Fast paths into Motors – Car Dealership & Classified Listings Plugin CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2025-32654 Critical 1.4.72

CVE-2025-32654 Motors – Car Dealership & Classified Listings Plugin Local File Inclusion

Motors <= 1.4.71 - Unauthenticated Local File Inclusion

CVE-2022-3989 Critical 1.4.4

CVE-2022-3989 Motors – Car Dealership & Classified Listings Plugin Remote Code Execution

Motors – Car Dealer, Classifieds & Listing <= 1.4.3 - Unauthenticated Arbitrary File Upload

CVE-2025-2807 High 1.4.65

CVE-2025-2807 Motors – Car Dealership & Classified Listings Plugin Remote Code Execution

Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation

CVE-2025-32142 High 1.4.72

CVE-2025-32142 Motors – Car Dealership & Classified Listings Plugin Local File Inclusion

Motors <= 1.4.71 - Authenticated (Contributor+) Local File Inclusion

CVE-2025-10494 High 1.4.90

CVE-2025-10494 Motors – Car Dealership & Classified Listings Plugin Remote Code Execution

Motors – Car Dealership & Classified Listings Plugin <= 1.4.89 - Authenticated (Subscriber+) Arbitrary File Deletion

CVE-2023-46207 High 1.4.7

CVE-2023-46207 Motors – Car Dealership & Classified Listings Plugin Server-Side Request Forgery

Motors – Car Dealer & Classified Ads <= 1.4.6 - Server Side Request Forgery

CVE-2019-17228 Medium 1.4.1

CVE-2019-17228 Motors – Car Dealership & Classified Listings Plugin Vulnerability

Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated Settings Import/Export

CVE-2025-32170 Medium 1.4.72

CVE-2025-32170 Motors – Car Dealership & Classified Listings Plugin Stored Cross-Site Scripting

Motors <= 1.4.71 - Authenticated (Contributor+) Stored Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Motors – Car Dealership & Classified Listings Plugin so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

17 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

2 critical and 4 high severity findings.

Recent CVEs

CVE-2025-10494, CVE-2025-54691 and CVE-2025-32654

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2025-10494 High Patch path listed

CVE-2025-10494: Motors – Car Dealership & Classified Listings Plugin <= 1.4.89 - Authenticated (Subscriber+) Arbitrary File Deletion

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures...

Published

Oct 07, 2025

Patch Status

1.4.90

Open CVE-2025-10494 Report

CVE-2025-54691 Medium Patch path listed

CVE-2025-54691: Motors <= 1.4.80 - Unauthenticated Insecure Direct Object Reference

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.80 due to missing va...

Published

Jul 30, 2025

Patch Status

1.4.81

Open CVE-2025-54691 Report

CVE-2025-32654 Critical Patch path listed

CVE-2025-32654: Motors <= 1.4.71 - Unauthenticated Local File Inclusion

The Motors plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.4.71. This makes it possible for unauthenticated attackers to include and execute ar...

Published

Apr 09, 2025

Patch Status

1.4.72

Open CVE-2025-32654 Report

Known Vulnerabilities

Reports for Motors – Car Dealership & Classified Listings Plugin

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: Yes CVE-2025-10494

CVE-2025-10494: Motors – Car Dealership & Classified Listings Plugin <= 1.4.89 - Authenticated (Subscriber+) Arbitrary File Deletion

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures in all versions up to, and including, 1.4.89. This makes it possible for authenticated at...

Published

Oct 07, 2025

Patched Release

1.4.90

Affected Versions

Versions up to 1.4.89

Next Step

Update to 1.4.90 or newer if supported.

Open CVE-2025-10494 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-54691

CVE-2025-54691: Motors <= 1.4.80 - Unauthenticated Insecure Direct Object Reference

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.80 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...

Published

Jul 30, 2025

Patched Release

1.4.81

Affected Versions

Versions up to 1.4.80

Next Step

Update to 1.4.81 or newer if supported.

Open CVE-2025-54691 Report Open CVE Reference

Plugin Critical Patched: Yes CVE-2025-32654

CVE-2025-32654: Motors <= 1.4.71 - Unauthenticated Local File Inclusion

The Motors plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.4.71. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This c...

Published

Apr 09, 2025

Patched Release

1.4.72

Affected Versions

Versions up to 1.4.71

Next Step

Update to 1.4.72 or newer if supported.

Open CVE-2025-32654 Report Open CVE Reference

Plugin High Patched: Yes CVE-2025-2807

CVE-2025-2807: Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64. This makes it possible f...

Published

Apr 07, 2025

Patched Release

1.4.65

Affected Versions

Versions up to 1.4.64

Next Step

Update to 1.4.65 or newer if supported.

Open CVE-2025-2807 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-3437

CVE-2025-3437: Motors – Car Dealership & Classified Listings Plugin <= 1.4.66 - Missing Authorization to Authenticated (Subscriber+) Wizard Set-up

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the ajax_actions.php file in all versions up to, and including, 1.4.66. This makes it possibl...

Published

Apr 07, 2025

Patched Release

1.4.67

Affected Versions

Versions up to 1.4.66

Next Step

Update to 1.4.67 or newer if supported.

Open CVE-2025-3437 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-2808

CVE-2025-2808: Motors – Car Dealership & Classified Listings Plugin <= 1.4.63 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Phone Number parameter in all versions up to, and including, 1.4.63 due to insufficient input sanitization and output escaping. This makes it possibl...

Published

Apr 07, 2025

Patched Release

1.4.64

Affected Versions

Versions up to 1.4.63

Next Step

Update to 1.4.64 or newer if supported.

Open CVE-2025-2808 Report Open CVE Reference

Plugin High Patched: Yes CVE-2025-32142

CVE-2025-32142: Motors <= 1.4.71 - Authenticated (Contributor+) Local File Inclusion

The Motors plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.4.71. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the executio...

Published

Apr 04, 2025

Patched Release

1.4.72

Affected Versions

Versions up to 1.4.71

Next Step

Update to 1.4.72 or newer if supported.

Open CVE-2025-32142 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-32170

CVE-2025-32170: Motors <= 1.4.71 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Motors plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

Published

Apr 04, 2025

Patched Release

1.4.72

Affected Versions

Versions up to 1.4.71

Next Step

Update to 1.4.72 or newer if supported.

Open CVE-2025-32170 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-13737

CVE-2024-13737: Motors – Car Dealer, Classifieds & Listing <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template Creation

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the motors_create_template and motors_delete_template functions in all versions up to, and including, 1.4.57. This makes it...

Published

Mar 21, 2025

Patched Release

1.4.58

Affected Versions

Versions up to 1.4.57

Next Step

Update to 1.4.58 or newer if supported.

Open CVE-2024-13737 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-10970

CVE-2024-10970: Motors – Car Dealer, Classifieds & Listing <= 1.4.43 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Custom Title

The The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before runn...

Published

Jan 15, 2025

Patched Release

1.4.44

Affected Versions

Versions up to 1.4.43

Next Step

Update to 1.4.44 or newer if supported.

Open CVE-2024-10970 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-5545

CVE-2024-5545: Motors – Car Dealer, Classifieds & Listing <= 1.4.9 - Missing Authorization

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticate...

Published

Jul 01, 2024

Patched Release

1.4.11

Affected Versions

Versions up to 1.4.9

Next Step

Update to 1.4.11 or newer if supported.

Open CVE-2024-5545 Report Open CVE Reference

Plugin High Patched: Yes CVE-2023-46207

CVE-2023-46207: Motors – Car Dealer & Classified Ads <= 1.4.6 - Server Side Request Forgery

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.6. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web...

Published

Oct 19, 2023

Patched Release

1.4.7

Affected Versions

Versions up to 1.4.6

Next Step

Update to 1.4.7 or newer if supported.

Open CVE-2023-46207 Report Open CVE Reference