CVE-2026-27433
Deferred Deferred - Pending Action

Unauthenticated Broken Access Control in Motors <= 5.6.80

Vulnerability report for CVE-2026-27433, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: Patchstack

Description

Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-02
Last Modified
2026-07-02
Generated
2026-07-02
AI Q&A
2026-07-02
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The CVE-2026-27433 vulnerability affects the WordPress Motors Theme, specifically versions 5.6.80 and earlier.

It is classified as a Broken Access Control vulnerability, meaning there is a missing authorization, authentication, or nonce token check in a function.

This flaw could allow an unauthenticated user to perform actions that normally require higher privileges.

Impact Analysis

Because of the broken access control, an unauthenticated attacker could perform privileged actions without proper authorization.

This could lead to unauthorized changes or disruptions on a website using the affected Motors Theme versions.

The vulnerability has a moderate severity score of 6.5 and is expected to be targeted in mass-exploit campaigns, increasing the risk of exploitation.

Currently, there is no official patch available, so immediate mitigation such as applying Patchstack's blocking rules or updating the theme is advised.

Detection Guidance

The provided resources do not include specific commands or methods to detect the CVE-2026-27433 vulnerability on your network or system.

Mitigation Strategies

Immediate mitigation steps include updating the WordPress Motors Theme to a version later than 5.6.80 once available.

Since no official patch is currently available, Patchstack has issued a mitigation rule to block attacks targeting this vulnerability.

It is also advised to seek assistance from your hosting provider or a web developer to apply these mitigations safely.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27433. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart