Platform: wordpress
Component: motors
Fixed version: 5.6.66
CVE-2024-13738 describes an arbitrary shortcode execution vulnerability within the Motors - Car Dealer, Rental & Listing WordPress theme. This flaw allows unauthenticated attackers to inject and execute malicious shortcodes, potentially leading to unauthorized code execution and compromise of the WordPress site. The vulnerability impacts versions of the theme up to and including 5.6.65. While the specific patched version is unclear, upgrading to the latest available version is recommended.
The impact of this vulnerability is significant, as it allows unauthenticated attackers to execute arbitrary shortcodes on a vulnerable WordPress site. This can lead to a wide range of malicious activities, including defacement of the website, injection of malware, theft of sensitive data (user credentials, database information), and even complete compromise of the server. Attackers could leverage this to gain persistent access and use the compromised site as a launchpad for further attacks against other systems within the network. Because no authentication is required, anyone who can reach the site over the internet can potentially exploit it, which makes this vulnerability particularly concerning.
CVE-2024-13738 was publicly disclosed on 2025-05-03. While no proof-of-concept (PoC) code has been publicly released as of this writing, the ease of exploiting shortcode execution vulnerabilities suggests a high probability of exploitation. The vulnerability is not currently listed in the CISA KEV catalog. Active campaigns targeting WordPress themes are common, so vigilance is advised.
Websites using the Motors - Car Dealer, Rental & Listing WordPress theme, particularly those running older versions (≤5.6.65), are at risk. Shared hosting environments where users have limited control over theme updates are especially vulnerable. Sites with weak security configurations or outdated WordPress installations are also at increased risk.
• wordpress / composer / npm:
grep -r 'do_shortcode' /var/www/html/wp-content/themes/motors-car-dealer-rental-listing/
• wordpress / composer / npm:
wp plugin list --status=all | grep motors
• wordpress / composer / npm:
wp theme list --status=all | grep motors
disclosure
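The checks above only confirm that the theme is present; the following script, added here and not part of this advisory, reads the theme's style.css header (where WordPress themes declare their version) and reports whether the installed version falls in the affected range (≤5.6.65). The theme directory slug, taken from the grep command above, and the sample header are assumptions.

```python
import re
from pathlib import Path

# Constructed sample of a WordPress theme style.css header (not the real theme's file).
SAMPLE_STYLE_CSS = """/*
Theme Name: Motors - Car Dealer, Rental & Listing
Version: 5.6.65
*/
"""

# Per the advisory, versions up to and including 5.6.65 are affected.
MAX_VULNERABLE = (5, 6, 65)
# Assumed directory slug, as used in the grep command on this page.
THEME_SLUG = "motors-car-dealer-rental-listing"


def parse_theme_version(style_css: str):
    """Return the value of the 'Version:' header line, or None if absent."""
    m = re.search(r"^\s*Version:\s*([0-9][0-9A-Za-z.\-]*)", style_css, re.MULTILINE)
    return m.group(1) if m else None


def version_tuple(version: str):
    """Numeric component tuple: 5.6.7 must sort below 5.6.65 (string comparison gets this wrong)."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version))
    # Pad short versions such as "5.6" so they compare as 5.6.0.
    return parts + (0,) * (3 - len(parts)) if len(parts) < 3 else parts


def is_vulnerable(version: str) -> bool:
    """True when the version is within the affected range (<= 5.6.65)."""
    return version_tuple(version) <= MAX_VULNERABLE


def check_theme_dir(themes_root: str):
    """Locate <themes_root>/<slug>/style.css; return (version, vulnerable) or None if not installed."""
    css = Path(themes_root) / THEME_SLUG / "style.css"
    if not css.is_file():
        return None
    version = parse_theme_version(css.read_text(errors="replace"))
    if version is None:
        return (None, None)  # header present but unparseable: inspect manually
    return (version, is_vulnerable(version))


if __name__ == "__main__":
    # Default WordPress theme root; adjust for your install.
    print(check_theme_dir("/var/www/html/wp-content/themes"))
```

If the theme was installed under a different directory name, set THEME_SLUG to match the directory listed by `wp theme list`.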
Exploit status
EPSS
1.35% (80th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-13738 is to upgrade the Motors - Car Dealer, Rental & Listing WordPress theme to the latest available version. Since the specific patched version is not explicitly stated, applying the most recent update is crucial. As a temporary workaround, consider implementing a Web Application Firewall (WAF) with rules to block suspicious shortcode usage or restrict access to the shortcode functionality. Regularly scan your WordPress installation for vulnerabilities using a reputable security plugin and ensure all plugins and themes are kept up-to-date.
Update the Motors - Car Dealer, Rental & Listing WordPress theme to the latest available version. This will fix the arbitrary shortcode execution vulnerability.
CVE-2024-13738 is a HIGH severity vulnerability allowing unauthenticated attackers to execute arbitrary shortcodes in the Motors WordPress theme due to insufficient input validation.
You are affected if you are using the Motors WordPress theme version 5.6.65 or earlier. Upgrade to the latest version to mitigate the risk.
Upgrade the Motors WordPress theme to the latest available version. Consider implementing a WAF as a temporary workaround.
While no public PoC exists, the ease of exploitation suggests a high probability of exploitation. Monitor your site for suspicious activity.
Refer to the theme developer's website or WordPress plugin repository for the latest advisory and update information.