Vulnerability CVE-2022-3989


Published: 2022-12-12

Description:
The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload.

Type:

CWE-434

(Unrestricted Upload of File with Dangerous Type)

 References:
https://wpscan.com/vulnerability/1bd20329-f3a5-466d-81b0-e4ff0ca32091

Copyright 2026, cxsecurity.com

 

Back to Top