cleantalk
Vulnerabilities and Security Researches

Motors – Car Dealer, Classifieds & Listing, CVE-2026-7859

CVE, Research URL

CVE-2026-7859

Home page URL

Security reports for Motors – Car Dealer, Classifieds & Listing

Application

Motors – Car Dealer, Classifieds & Listing

Published on
Jun 22, 2026
Research Description
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices.
Affected versions
max 1.4.110.
Status
vulnerable
Previous vulnerability researches
WPExperts Square For GiveWP (CVE-2024-13713) , Feb 22, 2025
WPExperts Square For GiveWP (CVE-2024-47338) , Sep 30, 2024
New vulnerability
Motors – Car Dealer, Classifieds & Listing (CVE-2026-7859) , Jun 24, 2026
Vitepos – Point of sale (POS) plugin for WooCommerce (CVE-2026-8157) , Jun 24, 2026
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Conten (CVE-2026-10530) , Jun 24, 2026
Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator (CVE-2026-54847) , Jun 23, 2026
Backup and Staging by WP Time Capsule (CVE-2020-37255) , Jun 23, 2026