Vulnerability Brief

CVE-2026-7859

What this means for your business

A security vulnerability in the WordPress plugin "Motors" could allow an attacker to make unauthorized changes to your website's content and potentially alter prices on your online store, even if they don't have permission to do so. This could lead to financial losses or damage to your business reputation if sensitive information is altered or if customers are misled. To protect your business, it's essential to update the plugin to the latest version or remove it if it's no longer needed.

Severity: MEDIUM
CVSS score: 5.3

Technical summary

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices.