Stored Cross-Site Scripting Vulnerability in Motors Plugin for WordPress
CVE-2026-13114
7.2HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 11 July 2026
What is CVE-2026-13114?
The Motors β Car Dealership & Classified Listings Plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability through Comment Content and User Biographical Info. This flaw arises from inadequate input sanitization and output escaping, allowing potential attackers, even those without authentication, to insert arbitrary web scripts into pages. These malicious scripts can execute whenever a user visits the compromised page, posing significant security risks to WordPress site users and their data.
Affected Version(s)
Motors β Car Dealership & Classified Listings Plugin 0 <= 1.4.112