CVE-2026-7859

Vulnerability Description

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices.

Vulnerability Details

Published Date

June 22, 2026

Last Modified

June 22, 2026

Source

NVD

External References

https://wpscan.com/vulnerability/3c11e490-92d8-46e1-a0ae-7c4c703ac411/

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment