Cross-Site Request Forgery Vulnerability in MotorDesk Plugin for WordPress
CVE-2026-9724

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Motordesk
Vendor: CVE Published:; 24 June 2026

What is CVE-2026-9724?

The MotorDesk plugin for WordPress is susceptible to Cross-Site Request Forgery due to improper nonce validation in the motordesk_admin_home function. This flaw allows unauthenticated attackers to manipulate the plugin's configuration settings, such as altering the search page URI and custom template directory path. To exploit this vulnerability, an attacker must deceive a site administrator into executing an action, such as clicking on a malicious link, thereby initiating a forged request that leverages the absence of proper security controls.

Affected Version(s)

MotorDesk 0 <= 1.1.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/motordesk/trun...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2026
Vulnerability Reserved
May 27, 2026

Credit

swat

CVE-2026-9724 Data

JSON