Loading market data...
← Back to CVE feed

CVE-2026-7859

UNKNOWN View on NVD ↗

Description

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices.

Published: Jun 22, 2026 06:16 UTC Modified: Jun 22, 2026 06:16 UTC