Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2

Critical1

High0

Medium1

Search Severity Year Type Sort Order

Reset

Showing 1-2 of 2 records

Threat Entry Updated 2026-06-22

CVE-2026-7859 - Motors Plugin

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices.

PLUGIN Motors

CVE-2026-7859

MEDIUM CVSS 5.3 2026-06-22

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-05-21

CVE-2025-4322 - Motors Theme

The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.

THEME Motors

CVE-2025-4322

CRITICAL CVSS 9.8 2025-05-20

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2026-7859 - Motors Plugin

CVE-2025-4322 - Motors Theme

Company Links

Contact Us