Auth bypass in Motors

CVE-2026-7859

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on Wo…

Vulnerability class: Broken Access Control

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

  • Unknown Motors — versions 0

Frequently asked questions

What is CVE-2026-7859?
CVE-2026-7859 is a medium-severity vulnerability in Motors, classified under Missing Authorization. CVSS score: 5.3/10. Published 2026-06-22.

How severe is CVE-2026-7859?
Medium severity. CVSS v3 base score is 5.3 out of 10.