PatchSiren cyber security CVE debrief
CVE-2026-39515 StylemixThemes CVE debrief
A Subscriber Broken Access Control vulnerability exists in the Motors plugin for WordPress versions less than 1.4.107. This vulnerability has been assigned a CVSS score of 6.5, indicating a MEDIUM severity level. The vulnerability allows an attacker to bypass access controls, potentially leading to unauthorized actions. The Common Weakness Enumeration (CWE) associated with this vulnerability is CWE-862.
- Vendor
- StylemixThemes
- Product
- Motors
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of the Motors plugin for WordPress, particularly those using versions prior to 1.4.107, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The CVE-2026-39515 vulnerability is characterized by a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability can be exploited over the network (AV:N), requires low attack complexity (AC:L) and low privileges (PR:L), with no user interaction (UI:N), and can impact the availability (A:H) of the system.
Defensive priority
MEDIUM
Recommended defensive actions
- Update the Motors plugin to version 1.4.107 or later to address the Broken Access Control vulnerability.
- Review and restrict user privileges to minimize potential impact.
- Monitor plugin and WordPress core updates for future security patches.
Evidence notes
Evidence for this CVE comes from Patchstack, as indicated by the resource link labeled 'Mitigation or vendor reference' (ref-4).
Official resources
-
CVE-2026-39515 CVE record
CVE.org
-
CVE-2026-39515 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-39515 was published on 2026-06-15T21:16:46.213Z and modified on 2026-06-15T21:24:32.790Z.