Impact
An unauthenticated broken access control flaw exists in the Motors theme for WordPress versions 5.6.80 and older. The vulnerability allows an attacker to view content or perform actions that are normally restricted to privileged users, effectively enabling unauthorized configuration changes, content uploads, or other administrative actions. The flaw is a classic role‑based access control failure, identified as CWE‑862. It threatens the confidentiality, integrity, and availability of the affected website.
Affected Systems
The flaw affects installations of the StylemixThemes Motors WordPress theme running version 5.6.80 or earlier. Any site that has not applied a later update to this theme is potentially exposed.
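To find affected installations on a host, the following added example (not part of the advisory or of the theme's code) walks a web root, reads the Version field from each Motors theme's style.css header and flags anything at or below 5.6.80. The theme directory name "motors" and the sample tree built in the demo are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (5, 6, 80)  # from the advisory: 5.6.80 and older
THEME_SLUG = "motors"       # assumption: default theme directory name


def parse_version(text):
    """Turn '5.6.80' into (5, 6, 80); anything after a '-' suffix is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text.split("-")[0]))


def theme_version(style_css):
    """Read 'Version:' from the theme header (WordPress reads the first 8 KB)."""
    head = style_css.read_text(encoding="utf-8", errors="replace")[:8192]
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", head, re.M | re.I)
    return m.group(1) if m else None


def is_affected(version):
    """True when the version is 5.6.80 or older."""
    return parse_version(version) <= LAST_AFFECTED


def scan(root):
    """Yield (theme_dir, version, affected) for each Motors theme under root."""
    pattern = f"wp-content/themes/{THEME_SLUG}/style.css"
    for css in sorted(Path(root).rglob(pattern)):
        ver = theme_version(css)
        # A missing Version header is flagged so it gets reviewed by hand.
        yield str(css.parent), ver, (ver is None or is_affected(ver))


if __name__ == "__main__":
    # Constructed sample tree: two sites, one old theme and one newer one.
    root = Path(tempfile.mkdtemp())
    for site, ver in (("site-a", "5.6.80"), ("site-b", "5.6.81")):
        d = root / site / "wp-content" / "themes" / THEME_SLUG
        d.mkdir(parents=True)
        (d / "style.css").write_text(f"/*\nTheme Name: Motors\nVersion: {ver}\n*/\n")
    for path, ver, bad in scan(root):
        print(f"{'AFFECTED' if bad else 'ok':8} {ver or 'unknown':10} {path}")
```

Point `scan()` at the directory that holds your WordPress document roots; a child theme does not change the result because the parent theme's own style.css is what gets read.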
Risk and Exploitability
The CVSS score of 6.5 indicates moderate severity. No EPSS score is available, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is web‑based; an attacker need only send crafted requests to a site using the vulnerable theme, with no user authentication required. Successful exploitation could permit an attacker to elevate privileges within the WordPress environment and compromise the site.