CVE Catalog

CVE-2026-7859

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

The Motors WordPress plugin before version 1.4.110 lacks proper authorization and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image, and product prices on WooCommerce sites.

Risk Assessment

The lack of proper security measures may lead to unauthorized changes in post content and sensitive data, threatening the integrity and security of the site.

Recommendation

It is recommended to update the Motors plugin to the latest version to eliminate existing security vulnerabilities and implement additional protection mechanisms against CSRF attacks.

Original NVD description (English source)

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS