Stored Cross-Site Scripting Vulnerability in Motors Plugin for WordPress
CVE-2026-13114

7.2HIGH

What is CVE-2026-13114?

The Motors – Car Dealership & Classified Listings Plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability through Comment Content and User Biographical Info. This flaw arises from inadequate input sanitization and output escaping, allowing potential attackers, even those without authentication, to insert arbitrary web scripts into pages. These malicious scripts can execute whenever a user visits the compromised page, posing significant security risks to WordPress site users and their data.

Affected Version(s)

Motors – Car Dealership & Classified Listings Plugin 0 <= 1.4.112

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Webbernaut
.