Motors Car Dealership & Classified Listings < 1.4.110

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices.

Basic Information

ID CVE-2026-7859

Source WPScan

Published Jun 22, 2026 at 06:00

Modified Jun 22, 2026 at 12:50

Affected Product

Vendor Unknown

Product Motors

Affected Versions Unknown Motors 0

CWE Classification

CWE-862

References

wpscan.com /vulnerability/3c11e490-92d8-46e1-a0ae-7c4c703ac411/

{
    "lastseen": "",
    "description": "The Motors  WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices.",
    "published": "2026-06-22T06:00:02.267Z",
    "modified": "2026-06-22T12:50:05.276Z",
    "type": "cve",
    "title": "Motors Car Dealership & Classified Listings < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/3c11e490-92d8-46e1-a0ae-7c4c703ac411/",
    "id": "CVE-2026-7859",
    "bulletinFamily": "",
    "cwe": [
        "",
        "",
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "Unknown Motors 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Motors",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Motors Car Dealership & Classified Listings < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media_CVE-2026-7859