CVE-2026-7859
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
The Motors WordPress plugin before version 1.4.110 lacks proper authorization and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image, and product prices on WooCommerce sites.
Risk Assessment
The lack of proper security measures may lead to unauthorized changes in post content and sensitive data, threatening the integrity and security of the site.
Recommendation
It is recommended to update the Motors plugin to the latest version to eliminate existing security vulnerabilities and implement additional protection mechanisms against CSRF attacks.
Original NVD description (English source)
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices.

