Skip to main content

Motors Theme EUVDEUVD-2026-41337

| CVE-2026-27433 MEDIUM
Missing Authorization (CWE-862)
2026-07-02 Patchstack GHSA-fmc6-6rcg-62mh
6.5
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
vuln.today AI
6.5 MEDIUM

AV:N/PR:N confirmed by unauthenticated network-accessible AJAX handler; C:N because no data exposure is described; I:L and A:L match unauthorized modification and limited disruption impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jul 02, 2026 - 12:37 vuln.today

DescriptionCVE.org

Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.

AnalysisAI

Broken access control in the Motors WordPress theme (by StyleMixThemes) versions 5.6.80 and earlier allows unauthenticated remote attackers to perform unauthorized actions, resulting in limited integrity and availability impact without requiring any credentials or user interaction. The vulnerability stems from CWE-862 (Missing Authorization), where specific theme functionality fails to enforce permission checks before executing sensitive operations. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Fingerprint target WordPress site running Motors theme
Delivery
Send unauthenticated HTTP POST to exposed AJAX handler
Exploit
Bypass missing authorization check
Execution
Execute unauthorized theme operation
Impact
Achieve limited content modification or availability disruption

Vulnerability AssessmentAI

Exploitation Exploitation requires no authentication (PR:N per CVSS vector) and no user interaction (UI:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 3.1 score of 6.5 (Medium) reflects a meaningful but bounded threat: the attack is fully remote, requires zero privileges, and has low complexity, but impact is capped at integrity:Low and availability:Low with no confidentiality breach (C:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker identifies a WordPress site running the Motors theme via passive fingerprinting (e.g., theme name in page source or HTTP headers) and sends a crafted HTTP POST request to the WordPress AJAX endpoint targeting the vulnerable handler. The missing authorization check allows the request to proceed, enabling the attacker to modify theme data or trigger a denial-of-service condition on specific theme functionality without supplying any credentials. …
Remediation The primary remediation is to update the Motors theme to a version released after 5.6.80 - the exact patched version is not independently confirmed in the available intelligence data, but the Patchstack advisory at https://patchstack.com/database/wordpress/theme/motors/vulnerability/wordpress-motors-theme-5-6-80-broken-access-control-vulnerability should be consulted for the confirmed fix version. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-41337 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy