<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Stylemix - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/vendors/stylemix/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Sat, 11 Jul 2026 04:19:25 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/vendors/stylemix/feed.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-13114: Stored Cross-Site Scripting in WordPress Motors - Car Dealership &amp; Classified Listings Plugin</title><link>https://feed.craftedsignal.io/briefs/2026-07-cve-2026-13114-wordpress-xss/</link><pubDate>Sat, 11 Jul 2026 04:19:25 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-cve-2026-13114-wordpress-xss/</guid><description>An unauthenticated attacker can exploit CVE-2026-13114, a Stored Cross-Site Scripting vulnerability in the WordPress Motors - Car Dealership &amp; Classified Listings Plugin versions up to 1.4.112, by injecting arbitrary web scripts into comment content or user biographical information, leading to client-side code execution when a victim views the affected page.</description><content:encoded><![CDATA[<p>CVE-2026-13114 identifies a Stored Cross-Site Scripting (XSS) vulnerability affecting the &quot;Motors - Car Dealership &amp; Classified Listings Plugin&quot; for WordPress, specifically in all versions up to and including 1.4.112. This flaw stems from insufficient input sanitization and output escaping when handling comment content and user biographical information. The vulnerability allows unauthenticated attackers to inject arbitrary web scripts into pages. When a user, including an administrator, subsequently accesses an injected page, the malicious script executes within their browser. This can lead to session hijacking, unauthorized actions on behalf of the victim, or website defacement. Organizations running affected versions of this plugin are at risk of client-side attacks and potential compromise of user accounts.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An unauthenticated attacker crafts a malicious JavaScript payload designed to perform actions like stealing session cookies or redirecting users.</li>
<li>The attacker identifies a WordPress site using the vulnerable &quot;Motors - Car Dealership &amp; Classified Listings Plugin&quot;.</li>
<li>The attacker submits the crafted malicious script within a comment field or modifies their user biographical information on the vulnerable WordPress site.</li>
<li>Due to insufficient input sanitization, the &quot;Motors - Car Dealership &amp; Classified Listings Plugin&quot; stores this malicious payload directly into the WordPress database.</li>
<li>A legitimate user, such as a site administrator or another visitor, navigates to a web page where the compromised comment or user profile information is displayed.</li>
<li>As the page renders, the malicious JavaScript previously injected by the attacker executes within the victim's web browser, within the context of the vulnerable website.</li>
<li>The executed script performs its intended action, potentially leading to session hijacking, unauthorized actions on behalf of the victim, or redirection to phishing sites.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-13114 allows unauthenticated attackers to execute arbitrary JavaScript in the browsers of other users who view affected pages. This can lead to a range of client-side attacks, including stealing session cookies, which could allow an attacker to hijack a user's session without needing their login credentials. Attackers could also redirect users to malicious websites, deface the website, or perform actions on the site as the victim, potentially leading to privilege escalation if an administrator's session is compromised. The source does not specify any observed victims or targeted sectors, but any organization using the vulnerable plugin is at risk.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately update the &quot;Motors - Car Dealership &amp; Classified Listings Plugin&quot; for WordPress to a version patched against CVE-2026-13114.</li>
<li>Implement web application firewall (WAF) rules to detect and block common Stored Cross-Site Scripting (XSS) payloads in HTTP request bodies or URL parameters, targeting inputs to comment content and user biographical information fields.</li>
<li>Monitor <code>webserver</code> logs for suspicious HTTP requests containing common XSS payloads, such as <code>&lt;script&gt;</code>, <code>onerror</code>, or <code>javascript:</code> keywords, particularly in POST request bodies or URL query parameters directed at WordPress endpoints.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>wordpress</category><category>xss</category><category>web-application</category><category>cve</category><category>plugin-vulnerability</category></item></channel></rss>