Impact
The vulnerability is a broken access control flaw in the WordPress Motors plugin, affecting all releases before version 1.4.107. It allows a user with subscriber-level privileges to carry out actions reserved for higher‑privileged roles, such as editing or deleting car listings. Consequently, an attacker can alter, delete, or add vehicle entries, thereby compromising the integrity of the application and potentially exposing sensitive data.
Affected Systems
This issue affects the StylemixThemes Motors plugin for WordPress versions earlier than 1.4.107. Any WordPress site that has installed a vulnerable plugin version is potentially exposed, as the flaw is present in all releases below the specified threshold.
Risk and Exploitability
The CVSS score of 6.5 indicates moderate severity. The EPSS score of less 1 % shows a very low probability of exploitation at the time of evaluation, and the vulnerability is not listed in the CISA KEV catalog. The likely attack path involves an attacker creating or compromising a subscriber account to perform privileged operations within the plugin, which can lead to unauthorized data modification and loss of trust.
OpenCVE Enrichment