CVE Vulnerabilities

CVE-2022-3989

Published: Dec 12, 2022 | Modified: Apr 22, 2025
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victims WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload.

Affected Software

Name Vendor Start Version End Version
Motors_-_car_dealer,classifieds&_listing Stylemixthemes * 1.4.4 (excluding)

References