
Cloud Vulnerability DB
A community-led vulnerabilities database
The Motors WordPress plugin before version 1.4.4 contains an arbitrary file upload vulnerability (CVE-2022-3989) discovered on November 21, 2022. This vulnerability affects the plugin's AJAX action functionality, which fails to properly validate uploaded files for dangerous file types, such as PHP files (WPScan Advisory).
The vulnerability exists in the file upload functionality of the Motors WordPress plugin. An attacker can exploit it by signing up for an account on a victim's WordPress instance, uploading a malicious PHP file, and then running a brute-force attack to discover the uploaded payload. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).
If successfully exploited, this vulnerability could allow an attacker to upload and execute malicious PHP files on the affected WordPress installation, potentially leading to remote code execution. This could result in complete compromise of the affected website, allowing attackers to steal sensitive data, modify website content, or use the server for malicious purposes (WPScan Advisory).
Website administrators running the affected version of the Motors WordPress plugin should immediately upgrade to version 1.4.4 or later, which contains the security fix for this vulnerability (WPScan Advisory).
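A defender-side check for the two points above, added here as an example and not taken from the advisory or the plugin: it compares an installed version string against the fixed release 1.4.4 and walks an uploads tree for files that could run as PHP. The directory to scan, the extension list and the constructed sample files are assumptions; the page does not say where the plugin stores uploads.

```python
import os
import re
import tempfile

FIXED_VERSION = (1, 4, 4)  # first fixed release, per the advisory
# Assumption: extensions commonly mapped to the PHP handler; server config decides.
PHP_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7", ".pht"}
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)

def parse_version(text):
    """Turn '1.4.3' into (1, 4, 3); missing parts count as 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def is_vulnerable(version_text):
    return parse_version(version_text) < FIXED_VERSION

def scan_uploads(root):
    """Return sorted (relative_path, reason) for files that could run as PHP."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            # Check every dotted part: 'x.php.jpg' may still execute under
            # some handler configurations.
            exts = {"." + p.lower() for p in name.split(".")[1:]}
            if exts & PHP_EXTS:
                findings.append((rel, "php-extension"))
                continue
            with open(path, "rb") as fh:
                if PHP_TAG.search(fh.read(65536)):  # heuristic: first 64 KiB only
                    findings.append((rel, "php-tag-in-content"))
    return sorted(findings)

def demo():
    """Constructed sample tree: one image, one PHP file, one disguised file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "2022", "11"))
        samples = {
            "car.jpg": b"\xff\xd8\xff\xe0 constructed jpeg bytes",
            "a1b2c3.php": b"<?php /* constructed placeholder */",
            "logo.png": b"\x89PNG <?php /* constructed */",
        }
        for name, data in samples.items():
            with open(os.path.join(root, "2022", "11", name), "wb") as fh:
                fh.write(data)
        return scan_uploads(root)

if __name__ == "__main__":
    print("1.4.3 vulnerable:", is_vulnerable("1.4.3"))
    for rel, reason in demo():
        print(reason, rel)
```

A hit is a lead for review, not proof of compromise: other plugins may legitimately place PHP files under the scanned directory.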
Source: This report was generated using AI