CVE-2026-54814
published 2026-06-17CVE-2026-54814: WordPress Motors plugin <= 1.4.109 - Local File Inclusion vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote…
high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
EPSS
0.34%
25.5th percentile
WordPress Motors plugin <= 1.4.109 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion.
This issue affects Motors: from n/a through 1.4.109.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stylemixthemes | motors | n/a – 1.4.109 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Stylemixmes Motors Plugin up to 1.4.109 on WordPress filename control
vuldb·2026-06-17
CVE-2026-54814 [LOW] Stylemixmes Motors Plugin up to 1.4.109 on WordPress filename control
A vulnerability was found in Stylemixmes Motors Plugin up to 1.4.109 on WordPress. It has been declared as problematic. Impacted is an unknown function. Such manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion').
This vulnerability is traded as CVE-2026-54814. The attack may be launched remotely. There is no exploit available.
GHSA
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion.
ghsa_unreviewed·2026-06-17
CVE-2026-54814 [HIGH] CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion.
This issue affects Motors: from n/a through 1.4.109.
CVEList
WordPress Motors plugin <= 1.4.109 - Local File Inclusion vulnerability
cvelistv5·2026-06-17·CVSS 8.1
CVE-2026-54814 [HIGH] CWE-98 WordPress Motors plugin <= 1.4.109 - Local File Inclusion vulnerability
WordPress Motors plugin <= 1.4.109 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion.
This issue affects Motors: from n/a through 1.4.109.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-17
Published