PT-2026-51279 · WordPress · Motors
Mustafa Ahmed
·
Published
2026-06-22
·
Updated
2026-06-22
·
CVE-2026-7859
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Motors WordPress plugin versions prior to 1.4.110
Description
Lack of proper authorization and Cross-Site Request Forgery (CSRF) checks on an AJAX action allows unauthenticated attackers to modify arbitrary post metadata. This includes the gallery, featured image and, on WooCommerce sites, product prices.
Recommendations
Update to version 1.4.110 or later.
Exploit
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Motors