PatchSiren cyber security CVE debrief
CVE-2026-13114 stylemix CVE debrief
The CVE record was published on 2026-07-11T04:17:16.650Z and has not been modified since then. The NVD entry is currently Received. This vulnerability affects the Motors – Car Dealership & Classified Listings Plugin for WordPress, specifically versions up to and including 1.4.112. The vulnerability class is Stored Cross-Site Scripting via Comment Content and User Biographical Info. The likely operational impact includes unauthenticated attackers injecting arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The source confidence is limited, and defenders should verify the affected scope and severity.
- Vendor
- stylemix
- Product
- Motors – Car Dealership & Classified Listings Plugin
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-11
- Original CVE updated
- 2026-07-11
- Advisory published
- 2026-07-11
- Advisory updated
- 2026-07-11
Who should care
Users of Motors – Car Dealership & Classified Listings Plugin for WordPress, especially those with untrusted user content, should prioritize updating to a patched version. Additionally, operators of WordPress platforms, security teams, and vulnerability management teams should review the affected scope and implement necessary mitigations. Those responsible for monitoring user-generated content and plugin configurations should also be aware of potential exposure.
Technical summary
The Motors – Car Dealership & Classified Listings Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112. This is due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability has a HIGH CVSS score of 7.2, indicating a high severity. Defenders should focus on updating to a patched version and implementing additional security measures to mitigate potential exposure.
Defensive priority
High priority given the HIGH CVSS score of 7.2 and the potential for unauthenticated attacks. Defenders should immediately review the affected scope and implement necessary mitigations to prevent exploitation.
Recommended defensive actions
- Update Motors – Car Dealership & Classified Listings Plugin to a version beyond 1.4.112
- Implement Content Security Policy (CSP) to mitigate XSS attacks
- Monitor user-generated content for suspicious scripts
- Regularly review and update plugins and themes
- Consider Web Application Firewall (WAF) rules for additional protection
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
Evidence primarily comes from the NVD and CVE records, with limited additional context. Further investigation may be needed to fully understand the vulnerability's impact and affected scope. The CVE record was published on 2026-07-11T04:17:16.650Z and has not been modified since then. The NVD entry is currently Received. Additional review of user-generated content and plugin configurations may provide further insights into potential exposure.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-11T04:17:16.650Z and has not been modified since then.