The Motors – Car Dealer, Classifieds & Listing plugin for...
Moderate severity
Unreviewed
Published
Jul 2, 2024
to the GitHub Advisory Database
•
Updated Jul 5, 2024
Description
Published by the National Vulnerability Database
Jul 2, 2024
Published to the GitHub Advisory Database
Jul 2, 2024
Last updated
Jul 5, 2024
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to unpublish arbitrary posts and pages.
References