CVE-2019-17228

Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated Settings Import/Export

mediumInsufficient Verification of Data Authenticity

6.5

CVSS Score

6.5

CVSS Score

medium

Severity

1.4.1

Patched in

1586d

Time to patch

Description

includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated plugin settings changes, including the ability to add malicious JavaScript to a site.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Low

Confidentiality

Low

Integrity

None

Availability

Technical Details

Affected versions<1.4.1

PublishedSeptember 20, 2019

Last updatedJanuary 22, 2024

Affected pluginmotors-car-dealership-classified-listings

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/570bca1e-78d0-49e8-8919-eba19f9457b9?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database