The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to unpublish arbitrary posts and pages.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3106579%40motors-car-dealership-classified-listings%2Ftrunk&old=3101090%40motors-car-dealership-classified-listings%2Ftrunk&sfp_email=&sfph_mail= - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/62731e0e-8843-4f79-b887-c595fbefae26?source=cve - Third Party Advisory |
05 Jul 2024, 15:12
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3106579%40motors-car-dealership-classified-listings%2Ftrunk&old=3101090%40motors-car-dealership-classified-listings%2Ftrunk&sfp_email=&sfph_mail= - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/62731e0e-8843-4f79-b887-c595fbefae26?source=cve - Third Party Advisory | |
First Time |
Stylemixthemes
Stylemixthemes motors - Car Dealer\, Classifieds \& Listing |
|
CWE | CWE-862 | |
CPE | cpe:2.3:a:stylemixthemes:motors_-_car_dealer\,_classifieds_\&_listing:*:*:*:*:*:wordpress:*:* |
02 Jul 2024, 12:09
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
02 Jul 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-02 08:15
Updated : 2024-11-21 09:47
NVD link : CVE-2024-5545
Mitre link : CVE-2024-5545
CVE.ORG link : CVE-2024-5545
JSON object : View
Products Affected
stylemixthemes
- motors_-_car_dealer\,_classifieds_\&_listing
CWE
CWE-862
Missing Authorization