PT-2025-41219 · WordPress · Motors – Car Dealership & Classified Listings Plugin

Kishan Vyas

Published

2025-10-08

Updated

2025-10-13

CVE-2025-10494

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions The Motors – Car Dealership & Classified Listings Plugin versions prior to 1.4.89

Description The software is susceptible to arbitrary file deletion because of inadequate file path validation when deleting profile pictures. An authenticated attacker with Subscriber-level access or higher can delete arbitrary files on the server. Deleting specific files, such as wp-config.php, could lead to remote code execution.

Recommendations Update The Motors – Car Dealership & Classified Listings Plugin to version 1.4.89 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-73

Related Identifiers

CVE-2025-10494

Affected Products

Motors – Car Dealership & Classified Listings Plugin

PT-2025-41219 · WordPress · Motors – Car Dealership & Classified Listings Plugin

CVE-2025-10494

Weakness Enumeration

Related Identifiers

Affected Products

References · 9