PatchSiren cyber security CVE debrief
CVE-2026-42664 Motive Commerce Search CVE debrief
CVE-2026-42664 is a HIGH severity vulnerability with a CVSS score of 8.2, published on 2026-06-15T21:16:56.163Z and modified on 2026-06-15T21:24:32.790Z. The vulnerability affects AI Product Search for WooCommerce – Motive Commerce Search plugin versions <= 1.38.2, allowing unauthenticated broken access control.
- Vendor
- Motive Commerce Search
- Product
- AI Product Search for WooCommerce – Motive Commerce Search
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of AI Product Search for WooCommerce – Motive Commerce Search plugin versions <= 1.38.2 should apply patches or mitigations to prevent exploitation.
Technical summary
The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H and is classified under CWE-862. It allows attackers to exploit unauthenticated broken access control, potentially leading to high impact.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates to AI Product Search for WooCommerce – Motive Commerce Search plugin to version > 1.38.2
- Review and restrict access controls for the affected plugin
Evidence notes
Evidence from Patchstack indicates a vulnerability in the Motive Commerce Search plugin.
Official resources
-
CVE-2026-42664 CVE record
CVE.org
-
CVE-2026-42664 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-42664 was published on 2026-06-15T21:16:56.163Z and modified on 2026-06-15T21:24:32.790Z.