- Description
- The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the ajax_actions.php file in all versions up to, and including, 1.4.66. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute several initial set-up actions.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
- security@wordfence.com
- CWE-862
- Hype score
- Not currently trending
🚨 CVE-2025-3437 🟠 MEDIUM (4.3) 🏢 stylemix - Motors – Car Dealership & Classified Listings Plugin 🏗️ * 🔗 https://t.co/0cw42yQAFa 🔗 https://t.co/Mrt9L1BZU9 🔗 https://t.co/jXlpWyFrKi #CyberCron #VulnAlert #InfoSec https://t.co/Y8s7RaDEu3
@cybercronai
9 Apr 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3437 WordPress Motors Plugin Unauthorized Data Modification via Authenticated Ajax Actions https://t.co/MBunr2t85Z
@VulmonFeeds
8 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes