Unauthenticated Options Modification in Motors Car Dealer Plugin by WordPress
CVE-2019-17228

6.5MEDIUM

Key Information:

Vendor

Wordpress
Status
Motors - Car Dealer\, Classifieds \& Listing
Vendor
CVE Published:
24 February 2020

What is CVE-2019-17228?

The Motors - Car Dealer & Classified Ads plugin for WordPress contains a vulnerability in the includes/options.php file that permits unauthenticated users to modify plugin options. This flaw can potentially compromise the integrity of the plugin's settings, allowing unauthorized changes that may lead to further security issues or altered functionality on affected WordPress sites.

References

https://wpvulndb.com/vulnerabilities/9884
x_refsource_MISC
https://wordpress.org/plugins/motors-car-dealership-class...
x_refsource_MISC
https://blog.nintechnet.com/multiple-vulnerabilities-in-w...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.