Description
Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.
Published: 2026-07-02
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated broken access control flaw exists in the Motors theme for WordPress versions 5.6.80 and older. The vulnerability allows an attacker to view or are normally restricted to privileged users, effectively enabling unauthorized configuration changes, content uploads, or other administrative actions. The flaw is a classic role‑based access control failure, identified as CWE‑862. It threatens the confidentiality, integrity, and availability of the affected website.

Affected Systems

The flaw affects installations of the StylemixThemes Motors WordPress theme running version 5.6.80 or earlier. Any site that has not applied a later update to this theme is potentially exposed.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. No EPSS score is available, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is web‑based; an attacker need only send crafted requests to a site using the vulnerable theme, with no user authentication required. Successful exploitation could permit an attacker to elevate privileges within the WordPress environment and compromise the site.

Generated by OpenCVE AI on July 2, 2026 at 15:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Motors theme to the latest version (5.6.81 or newer) that contains the access‑control fix.
  • Configure the theme directory and associated files so that the web server’s user account cannot modify them; use file permissions that deny write access to the web process unless necessary.
  • Limit role permissions by ensuring that only users with the Administrator role can interact with the theme’s admin interfaces, removing any default or fallback access that bypasses role checks.

Generated by OpenCVE AI on July 2, 2026 at 15:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Jul 2026 11:30:00 +0000

Type Values Removed Values Added
Description Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.
Title WordPress Motors theme <= 5.6.80 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-07-02T11:26:07.494Z

Reserved: 2026-02-19T09:52:32.857Z

Link: CVE-2026-27433

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-02T15:30:05Z

Weaknesses