cleantalk
Vulnerabilities and Security Researches

Motors – Car Dealer, Classifieds & Listing, CVE-2026-7859

CVE, Research URL

CVE-2026-7859

Home page URL

Security reports for Motors – Car Dealer, Classifieds & Listing

Application

Motors – Car Dealer, Classifieds & Listing

Published on
Jun 22, 2026
Research Description
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices.
Affected versions
max 1.4.110.
Status
vulnerable
Previous vulnerability researches
PHP Compatibility Checker , Aug 21, 2025
PHP Compatibility Checker (CVE-2023-24421) , Jun 07, 2024
New vulnerability
Interactive Content – H5P (CVE-2026-56006) , Jun 24, 2026
Transbank Webpay REST (CVE-2026-6858) , Jun 24, 2026
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2026-4610) , Jun 24, 2026
Paymob for WooCommerce (CVE-2026-56025) , Jun 24, 2026
Motors – Car Dealer, Classifieds & Listing (CVE-2026-7859) , Jun 24, 2026