CVE-2021-24375

Name of the Vulnerable Software and Affected Versions Motor WordPress theme versions prior to 3.1.0

Description The issue is related to a lack of authentication or validation in certain AJAX handlers, specifically motor load more, motor gallery load more, motor quick view, and motor project quick view, which can allow an unauthenticated attacker to access arbitrary files on the server file system and execute arbitrary PHP scripts already present on the server. There is no vulnerability found for uploading files with this theme, meaning any executable scripts must already exist on the server.

Recommendations For Motor WordPress theme versions prior to 3.1.0, update to version 3.1.0 or later to resolve the issue. As a temporary workaround, consider disabling the motor load more, motor gallery load more, motor quick view, and motor project quick view functions until a patch is applied. Restrict access to these AJAX handlers to minimize the risk of exploitation.