- A vulnerability in the 'Motors' WordPress theme leaves sites open to account takeover attacks
- Large-scale attacks have been observed from June 7 onwards
- A patch is available in version 5.6.68, so update now
A popular premium WordPress theme is being exploited by hackers through a critical privilege escalation flaw tracked as CVE-2025-4322.
Attackers can exploit the vulnerability in the 'Motors' theme to hijack administrator accounts, take full control of sites, alter content, inject false information and distribute malicious payloads.
Developed by StylemixThemes and a popular choice for automotive websites, the theme has recorded almost 22,500 sales on Envato Market.
The 'Motors' WordPress theme has been hijacked
The vulnerability was first discovered on May 2, 2025, and a patch was released on May 14 with version 5.6.68, which means sites that have updated should be protected from takeover. All versions up to and including 5.6.67 are affected by the CVE, and Wordfence published the details on May 19.
"This is because the theme did not properly validate a user's identity before updating their password," Wordfence said.
"This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including those of administrators, and leverage that to gain access to their accounts."
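To make concrete what "did not validate a user's identity before updating their password" looks like in practice, the following is an added, hypothetical PHP sketch of a WordPress AJAX password-update handler, showing the weak pattern beside a hardened one. It is not the Motors theme's code (the theme's actual handler is not shown on this page); the action names, function names and request parameters are assumptions, while the WordPress API calls it relies on (wp_set_password, check_password_reset_key, reset_password, check_ajax_referer) are real.

```php
<?php
/*
 * Illustrative only: a hypothetical password-update endpoint of the kind
 * Wordfence describes (caller identity never checked before the update).
 * This is NOT the Motors theme's code; handler and action names are made up.
 */

// WEAK PATTERN: trusts the caller-supplied user id. Because the handler is
// also registered on wp_ajax_nopriv_*, an unauthenticated POST can set any
// user's password, including an administrator's, and then log in as them.
function hypothetical_weak_password_update() {
    $user_id  = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    $new_pass = isset( $_POST['new_password'] ) ? wp_unslash( $_POST['new_password'] ) : '';

    $user = get_user_by( 'id', $user_id );
    if ( ! $user || '' === $new_pass ) {
        wp_send_json_error( 'invalid request', 400 );
    }

    wp_set_password( $new_pass, $user->ID ); // no proof the caller IS this user
    wp_send_json_success( 'password updated' );
}
add_action( 'wp_ajax_nopriv_hypothetical_update_password', 'hypothetical_weak_password_update' );
add_action( 'wp_ajax_hypothetical_update_password', 'hypothetical_weak_password_update' );

// HARDENED PATTERN: the caller must prove identity before anything is written.
// Either they are logged in (and may only change their own password, with a
// CSRF nonce), or they present a valid, unexpired reset key issued for the
// login they are trying to change. The user id is never taken from the request.
function hypothetical_hardened_password_update() {
    $new_pass = isset( $_POST['new_password'] ) ? wp_unslash( $_POST['new_password'] ) : '';
    if ( '' === $new_pass ) {
        wp_send_json_error( 'invalid request', 400 );
    }

    if ( is_user_logged_in() ) {
        // Logged-in path: nonce check (dies on failure) and only the current user.
        check_ajax_referer( 'hypothetical_update_password', 'nonce' );
        $user = wp_get_current_user();
    } else {
        // Reset-key path: key must match the login it was issued for and be unexpired.
        $login = isset( $_POST['login'] ) ? sanitize_user( wp_unslash( $_POST['login'] ) ) : '';
        $key   = isset( $_POST['key'] ) ? sanitize_text_field( wp_unslash( $_POST['key'] ) ) : '';
        $user  = check_password_reset_key( $key, $login ); // WP_User or WP_Error
        if ( is_wp_error( $user ) ) {
            wp_send_json_error( 'invalid or expired reset key', 403 );
        }
    }

    // reset_password() sets the new hash and deletes the activation key,
    // so a reset key cannot be replayed after use.
    reset_password( $user, $new_pass );
    wp_send_json_success( 'password updated' );
}
add_action( 'wp_ajax_nopriv_hypothetical_update_password_v2', 'hypothetical_hardened_password_update' );
add_action( 'wp_ajax_hypothetical_update_password_v2', 'hypothetical_hardened_password_update' );
```

The point of the hardened version is that the account being modified is derived from something the caller has proven (a session plus nonce, or a reset key bound to a login), never from an id or username the caller simply asserts. When reviewing a theme or plugin for this class of bug, look for any handler hooked on wp_ajax_nopriv_* (or an unauthenticated REST route) that reaches wp_set_password(), wp_update_user() or reset_password() with a user chosen from request parameters.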
Although the patch has already been published, sites still running older versions remain at risk of takeover, with attacks seen from May 20. By June 7, researchers were observing large-scale exploitation, and Wordfence has now blocked more than 23,000 attack attempts.
Wordfence also disclosed a series of key IP addresses considered to be attack sources, many of them making thousands of attempts each.
"An obvious sign of infection is if a site's administrator cannot log in with the correct password, since it may have been changed as a result of this vulnerability," the researchers explained.
The most important step users of the 'Motors' theme can take is to update to version 5.6.68, closing the vulnerability to attackers and securing their sites and accounts against takeover.
Via BleepingComputer