CVE-2026-7859

MEDIUM 5.3

Motors Car Dealership & Classified Listings < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices.

Vendor	unknown
Product	motors
Published	Jun 22, 2026
Last Updated	Jun 22, 2026

Stay Ahead of the Next One

Get instant alerts for unknown motors

Be the first to know when new medium vulnerabilities affecting unknown motors are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Motors

0 < 1.4.110

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/3c11e490-92d8-46e1-a0ae-7c4c703ac411/

Credits

Mustafa Ahmed WPScan