PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-13114 stylemix CVE debrief

The CVE record was published on 2026-07-11T04:17:16.650Z and has not been modified since then. The NVD entry is currently Received. This vulnerability affects the Motors – Car Dealership & Classified Listings Plugin for WordPress, specifically versions up to and including 1.4.112. The vulnerability class is Stored Cross-Site Scripting via Comment Content and User Biographical Info. The likely operational impact includes unauthenticated attackers injecting arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The source confidence is limited, and defenders should verify the affected scope and severity.

Vendor
stylemix
Product
Motors – Car Dealership & Classified Listings Plugin
CVSS
HIGH 7.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-11
Original CVE updated
2026-07-11
Advisory published
2026-07-11
Advisory updated
2026-07-11

Who should care

Users of Motors – Car Dealership & Classified Listings Plugin for WordPress, especially those with untrusted user content, should prioritize updating to a patched version. Additionally, operators of WordPress platforms, security teams, and vulnerability management teams should review the affected scope and implement necessary mitigations. Those responsible for monitoring user-generated content and plugin configurations should also be aware of potential exposure.

Technical summary

The Motors – Car Dealership & Classified Listings Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112. This is due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability has a HIGH CVSS score of 7.2, indicating a high severity. Defenders should focus on updating to a patched version and implementing additional security measures to mitigate potential exposure.

Defensive priority

High priority given the HIGH CVSS score of 7.2 and the potential for unauthenticated attacks. Defenders should immediately review the affected scope and implement necessary mitigations to prevent exploitation.

Recommended defensive actions

  • Update Motors – Car Dealership & Classified Listings Plugin to a version beyond 1.4.112
  • Implement Content Security Policy (CSP) to mitigate XSS attacks
  • Monitor user-generated content for suspicious scripts
  • Regularly review and update plugins and themes
  • Consider Web Application Firewall (WAF) rules for additional protection
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

Evidence primarily comes from the NVD and CVE records, with limited additional context. Further investigation may be needed to fully understand the vulnerability's impact and affected scope. The CVE record was published on 2026-07-11T04:17:16.650Z and has not been modified since then. The NVD entry is currently Received. Additional review of user-generated content and plugin configurations may provide further insights into potential exposure.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-11T04:17:16.650Z and has not been modified since then.