What the vulnerability does
01Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors - Events stm-motors-events allows PHP Local File Inclusion.This issue affects Motors - Events: from n/a through <= 1.4.7.
Explanation of Vulnerability in Simple Terms
02Summary
Motors - Events versions 1.4.7 and earlier contain a code injection vulnerability that allows unauthenticated attackers to execute arbitrary code on affected sites. The vulnerability requires high attack complexity but can compromise confidentiality, integrity, and availability across the entire system. No authentication or user interaction is required to trigger the flaw.
What an attacker can do
03Attacker Capabilities
Execute arbitrary code on the site without authentication.
Potential impact on your site
04Site Impact
Complete compromise of site data, functionality, and server integrity possible.
Conditions required to exploit
05Prerequisites
Network access to the site; high attack complexity (specific conditions must be met).
Key dates
06Disclosure timeline
June 6, 2025
CVE published
April 28, 2026
Record updated