- ‘Motors’ WordPress theme vulnerability leaves accounts open to takeover attacks
- Widespread attacks were observed from June 7 onwards
- A patch is available in version 5.6.68, so update now
A popular premium WordPress theme is being exploited by attackers through a critical privilege escalation flaw tracked as CVE-2025-4322.
Attackers can exploit the vulnerability in the ‘Motors’ theme to hijack administrator accounts and take full control of affected sites, altering content, injecting false information and distributing malicious payloads.
Developed by StylemixThemes and a popular choice for automotive sites, the theme has logged almost 22,500 sales on Envato Market.
‘Motors’ WordPress theme hijacked
The vulnerability was discovered on May 2, 2025, and a patch followed in version 5.6.68 on May 14, meaning sites running the current version should be protected from account takeover. Versions up to and including 5.6.67 are affected by the CVE, the details of which Wordfence published on May 19.
“This is because the theme does not correctly validate a user’s identity before updating their password,” Wordfence explained.
“This allows unauthenticated attackers to change arbitrary user passwords, including administrators, and leverage it to access their account.”
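The flaw class Wordfence describes, a password-update handler that never checks whose password is being changed, looks like the following in generic WordPress theme or plugin code, shown beside a hardened version of the same handler. This is an illustration added to this article, not code from the Motors theme or from StylemixThemes; the hook names, the `demo_` prefix and the request parameters are assumptions.

```php
<?php
// Added illustration of the flaw class described above (a password update that
// never verifies the requester's identity). Hypothetical code, not the Motors
// theme's own; hook names, parameters and the "demo_" prefix are assumptions.

// --- Vulnerable pattern -------------------------------------------------
// Reachable by logged-out visitors (wp_ajax_nopriv_) and trusts a caller-supplied
// user_id, so any visitor can set a new password on any account, administrators included.
function demo_vulnerable_update_password() {
    $user_id      = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : 0;
    $new_password = isset( $_POST['new_password'] ) ? (string) $_POST['new_password'] : '';

    if ( $user_id > 0 && '' !== $new_password ) {
        wp_set_password( $new_password, $user_id ); // no identity or capability check
        wp_send_json_success( 'Password updated' );
    }
    wp_send_json_error( 'Missing parameters' );
}
add_action( 'wp_ajax_demo_update_password', 'demo_vulnerable_update_password' );
add_action( 'wp_ajax_nopriv_demo_update_password', 'demo_vulnerable_update_password' );

// --- Hardened pattern ---------------------------------------------------
// 1. Authenticated callers only (no wp_ajax_nopriv_ registration).
// 2. CSRF nonce tied to the action.
// 3. The target must be the current user, or the caller must hold edit_user for that account.
// 4. A self-service change re-proves identity with the current password.
function demo_hardened_update_password() {
    check_ajax_referer( 'demo_update_password', 'nonce' ); // dies on a bad or missing nonce

    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'Authentication required', 401 );
    }

    $user_id          = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : 0;
    $current_password = isset( $_POST['current_password'] ) ? (string) $_POST['current_password'] : '';
    $new_password     = isset( $_POST['new_password'] ) ? (string) $_POST['new_password'] : '';
    $caller_id        = get_current_user_id();

    $is_self  = ( $user_id === $caller_id );
    $is_admin = current_user_can( 'edit_user', $user_id );

    if ( ! $is_self && ! $is_admin ) {
        wp_send_json_error( 'Not allowed to change this account', 403 );
    }

    if ( $is_self ) {
        $user = get_userdata( $user_id );
        if ( ! $user || ! wp_check_password( $current_password, $user->user_pass, $user_id ) ) {
            wp_send_json_error( 'Current password is incorrect', 403 );
        }
    }

    if ( strlen( $new_password ) < 12 ) {
        wp_send_json_error( 'New password must be at least 12 characters', 400 );
    }

    wp_set_password( $new_password, $user_id );
    wp_send_json_success( 'Password updated' );
}
add_action( 'wp_ajax_demo_update_password_secure', 'demo_hardened_update_password' );
```

The decisive difference is the third check: the vulnerable handler lets the request decide which account is updated, while the hardened one derives the permitted target from the authenticated session and the `edit_user` capability. When reviewing a theme or plugin for this class of bug, look for every call to `wp_set_password()` (or a direct write to `user_pass`) and trace whether the `$user_id` argument can be influenced by request data without an ownership or capability check.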
Although the patch is available, sites still running older versions remain at risk of takeover, with attacks having begun on May 20. On June 7, researchers observed widespread attacks, and Wordfence has now blocked more than 23,000 attack attempts.
Wordfence also listed a number of key IP addresses seen attacking sites, many of which made thousands of attempts each.
“An obvious sign of infection is if a site’s administrator is unable to log in with the correct password as it may have been changed as a result of this vulnerability,” the researchers explained.
The most important step users of the ‘Motors’ theme can take is to update to version 5.6.68, closing the vulnerability to attackers and securing their accounts against takeover.
Via BleepingComputer