CVSS: 10.0EPSS: 10%CPEs: 1EXPL: 4CVE-2025-4322 – Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover
https://notcve.org/view.php?id=CVE-2025-4322
19 May 2025 — The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account. WordPress Motors theme versions 5.6.67 and below suffer from a privilege escalation vulnerability th... • https://packetstorm.news/files/id/194812 • CWE-620: Unverified Password Change •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13738 – Motors - Car Dealer, Rental & Listing WordPress theme <= 5.6.65 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-13738
02 May 2025 — The The Motors - Car Dealer, Rental & Listing WordPress theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.6.65. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. *It is unclear exactly which version the issue was patched in from the changelog. Therefore, we used the latest versio... • https://stylemixthemes.com/motors • CWE-94: Improper Control of Generation of Code ('Code Injection') •