Description
Unrestricted Upload of File with Dangerous Type vulnerability in StylemixThemes Motors motors allows Using Malicious Files.This issue affects Motors: from n/a through <= 5.6.81.
Published: 2025-12-18
Score: 9.9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to upload files of any type without restriction, enabling the use of malicious content. An attacker could potentially place executable or web-accessible files on the server, creating a path for code execution or other malicious actions. This flaw arises from insufficient validation of file types during upload and affects the WordPress Motors theme.

Affected Systems

StylemixThemes Motors theme, all releases up to and including version 5.6.81, is affected. The vulnerability impacts any installation using these theme versions on a WordPress site.

Risk and Exploitability

The CVSS score of 9.9 indicates a critical severity, yet the EPSS score of < 1% suggests that exploit attempts are currently rare. The vulnerability is not listed in CISA's KEV catalog. Based on the description, the likely attack vector is through the theme’s file upload functionality; no mention of authentication requirements is made, implying that the upload may be accessible without prior authentication. An attacker who can upload a file could then place malicious code on the server, potentially leading to remote code execution or other compromises.

Generated by OpenCVE AI on April 29, 2026 at 12:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the StylemixThemes Motors theme to the latest version to apply the vendor’s fix
  • If an upgrade is not immediately possible, disable or remove the file upload feature provided by the theme to block the attack surface
  • Configure a web application firewall to reject uploads of disallowed file types and enforce strict MIME type checks

Generated by OpenCVE AI on April 29, 2026 at 12:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 20 Jan 2026 15:30:00 +0000

Type Values Removed Values Added
References

Tue, 20 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
References

Fri, 19 Dec 2025 09:30:00 +0000

Type Values Removed Values Added
First Time appeared Stylemixthemes
Stylemixthemes motors - Car Dealer, Classifieds & Listing
Wordpress
Wordpress wordpress
Vendors & Products Stylemixthemes
Stylemixthemes motors - Car Dealer, Classifieds & Listing
Wordpress
Wordpress wordpress

Thu, 18 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 18 Dec 2025 07:45:00 +0000

Type Values Removed Values Added
Description Unrestricted Upload of File with Dangerous Type vulnerability in StylemixThemes Motors motors allows Using Malicious Files.This issue affects Motors: from n/a through <= 5.6.81.
Title WordPress Motors theme <= 5.6.81 - Arbitrary File Upload vulnerability
Weaknesses CWE-434
References

Subscriptions

Stylemixthemes Motors - Car Dealer, Classifieds & Listing
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T18:31:57.673Z

Reserved: 2025-10-31T11:23:19.708Z

Link: CVE-2025-64374

cve-icon Vulnrichment

Updated: 2025-12-18T20:21:42.460Z

cve-icon NVD

Status : Deferred

Published: 2025-12-18T08:16:14.380

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-64374

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T12:15:09Z

Weaknesses