- ‘Motors’ allowed threat actors to take over admin accounts
- This enabled full website takeover
- The developers released a fix
Motors, a premium theme for WordPress, was carrying a critical-severity vulnerability that allowed malicious actors to completely take over compromised websites.
The privilege escalation flaw, caused by the theme improperly validating user identities before updating passwords, is now tracked as CVE-2025-4322, and has a severity rating of 9.8/10 (critical).
Security researchers Wordfence, who first spotted this bug, explained how threat actors could use it to “change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.”
Premium themes
Obviously, accessing an admin account grants the malicious actors all sorts of privileges, including full website takeover. All versions up to 5.6.68 are affected. The update that addresses the flaw was released on May 14, 2025. Since themes aren’t as easy to suspend, or swap, as plugins, users are advised to update their Motors as soon as possible.
Motors is a car dealer WordPress theme, designed for car dealerships, classified listings, car rental, boats, repair services, and motorcycle dealers. It’s developed by a company called StylemixThemes and, according to BleepingComputer, is among the top-selling themes of its kind. On the Envato marketplace, it’s selling for $79 and has been sold more than 22,300 times.
WordPress is the world’s number one website builder platform, powering more than half of all websites on the internet. This also makes it a major target for cybercriminals but, since it’s largely secure, hackers are looking for exploits in themes and add-ons, which are used as stepping stones for further compromise.
For example, in early March this year, news broke that malicious JavaScript code was deployed into more than 1,000 WordPress websites, following compromised extras. Users are advised to only keep the add-ons they’re actually using, and to keep them updated at all times.
Via BleepingComputer