WordPress Plugin Vulnerabilities

Motors – Car Dealer & Classified Ads < 1.4.7 - Unauthenticated SSRF

Description

The plugin does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks

Affects Plugins

Plugin icon
motors-car-dealership-classified-listings
Fixed in 1.4.7

References

CVE
CVE-2023-46207
URL
https://patchstack.com/database/vulnerability/motors-car-dealership-classified-listings/wordpress-motors-car-dealer-classifieds-listing-plugin-1-4-6-server-side-request-forgery-ssrf-vulnerability

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918
CVSS
5.8 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
409061e5-9c0b-4dcc-a984-23ce95477305

Timeline

Publicly Published
2023-10-19 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-03-14 (about 2 years ago)

Other

Published
Title
Published
2024-04-25
Title
Knowledge Base documentation & wiki plugin – BasePress < 2.16.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery
Published
2025-12-20
Title
6Storage Rentals <= 2.20.0 - Authenticated (Subscriber+) Server-Side Request Forgery
Published
2018-01-20
Title
Google Forms <= 0.91 - Unauthenticated Server-Side Request Forgery (SSRF)
Published
2026-01-13
Title
Seriously Simple Podcasting < 3.14.2 - Authenticated (Editor+) Server-Side Request Forgery
Published
2026-02-13
Title
Getty Images <= 4.1.0 - Authenticated (Contributor+) Server-Side Request Forgery