CVE-2026-54812
Deferred - Pending Action
Blind SQL Injection in StylemixThemes Motors

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109.
Meta Information
Published: 2026-06-17
Last Modified: 2026-06-17
Generated: 2026-06-17
AI Q&A: 2026-06-17
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: stylemixthemes
Product: motors
Version / Range: From 1.0.0 (inc) to 1.4.109 (inc)
CWE ID: CWE-89
Description: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Compliance Impact

The SQL Injection vulnerability in the WordPress Motors Plugin allows attackers to interact directly with the website's database and potentially steal sensitive information.

Such unauthorized access and potential data theft can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require the protection of sensitive personal and health information.

Failure to protect sensitive data due to this vulnerability could result in regulatory penalties and damage to organizational reputation.

Executive Summary

CVE-2026-54812 is a Blind SQL Injection vulnerability found in the WordPress Motors Plugin, versions 1.4.109 and below. This flaw allows attackers to inject malicious SQL commands into the website's database queries without direct visibility of the results, potentially enabling unauthorized database interactions.

Impact Analysis

This vulnerability poses a critical risk with a CVSS score of 9.3. Exploiting it could allow attackers to interact directly with your website's database, potentially leading to the theft of sensitive information. It may also be used in widespread attacks targeting many websites, causing data breaches and service disruptions.

Detection Guidance

The vulnerability is a Blind SQL Injection in the WordPress Motors Plugin versions 1.4.109 and below. Detection typically involves monitoring for unusual database queries or web requests that attempt SQL injection patterns.

While specific commands are not provided in the resources, common detection methods include using web application firewalls (WAF) with rules to detect SQL injection attempts, or running security scanners that test for SQL injection vulnerabilities.

Patchstack has provided a mitigation rule to block attacks until the plugin is updated, which can also help in detecting exploitation attempts.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the WordPress Motors Plugin to version 1.4.110 or later, which contains the patch that resolves the SQL Injection issue.

Until the update can be applied, users are advised to implement the mitigation rule provided by Patchstack to block attacks targeting this vulnerability.

Additionally, seeking assistance from your hosting provider or developer to apply these mitigations is recommended.
