Vendor
An unauthenticated attacker can exploit CVE-2026-13114, a Stored Cross-Site Scripting vulnerability in the WordPress Motors - Car Dealership & Classified Listings Plugin versions up to 1.4.112, by injecting arbitrary web scripts into comment content or user biographical information, leading to client-side code execution when a victim views the affected page.