- 'Motors' allowed threat actors to take over administrator accounts
- This enabled a complete takeover of the website
- The developers released a fix

Motors, a premium theme for WordPress, was found to carry a critical-severity vulnerability that allowed malicious actors to take over compromised websites.

The privilege escalation flaw, caused by the theme incorrectly validating user identities before updating passwords, is now tracked as CVE-2025-4322 and has a severity score of 9.8/10 (critical).

Wordfence security researchers, who first spotted the flaw, explained how threat actors could use it to "change the passwords of arbitrary users, including those of administrators, and take advantage of that to get access to their account."
Premium themes
Obviously, access to an administrator account gives malicious actors all kinds of privileges, including complete takeover of the website. All versions up to 5.6.68 are affected. The update that addresses the flaw was released on May 14, 2025. Since themes are not as easy to suspend or swap out as plugins, users are advised to update the Motors theme as soon as possible.

Motors is an automotive WordPress theme designed for car dealerships, classified listings, car rentals, boats, repair services and motorcycle dealers. It is developed by a company called StylemixThemes and, according to BleepingComputer, it is one of the best-selling themes of its type. On the Envato Market it sells for $79 and has been sold more than 22,300 times.

WordPress is the world's number one website builder platform, powering more than half of all websites on the Internet. This also makes it a major target for cybercriminals, but since the core is mostly secure, attackers look for exploits in themes and plugins, which they use as stepping stones toward a larger compromise.

For example, at the beginning of March of this year, it was learned that malicious JavaScript code had been deployed on more than 1,000 WordPress websites, following compromised add-ons. Users are advised to keep only the plugins they actually use and to keep them updated at all times.

Via BleepingComputer