CVE-2022-3989

Name of the Vulnerable Software and Affected Versions Motors WordPress plugin versions prior to 1.4.4

Description The issue allows an attacker to upload malicious files, such as .php files, to a WordPress instance due to improper validation of uploaded files in an AJAX action. This can lead to the attacker signing up on the victim's instance, uploading a malicious PHP file, and potentially launching a brute-force attack to discover the uploaded payload.

Recommendations For Motors WordPress plugin versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider restricting file uploads or disabling the AJAX action related to file uploads until the update is applied.