- ‘Motors’ WordPress theme vulnerability leaves accounts open to takeover attacks
- Widespread attacks were observed from June 7 onwards
- A patch is available in version 5.6.68, so update now
A popular premium WordPress theme, has been exploited by hackers thanks to a critical privilege escalation flaw tracked as CVE-2025-4322.
Attackers are able to exploit the vulnerability in the ‘Motors’ theme to hijack administrator accounts, taking full control of sites to change details, inject false details and spread malicious payloads.
Developed by StylemixThemes and a popular pick among automotive websites, nearly 22,500 sales of the theme have been logged on EnvatoMarket.
You may like
‘Motors’ WordPress theme has been hijacked
The vulnerability had first been discovered on May 2, 2025, with a patch later released with version 5.6.68 on May 14, meaning that up-to-date accounts should be protected from potential account takeovers. Versions up to 5.6.67 are affected by the CVE, with Wordfence reporting on the details on May 19.
“This is due to the theme not properly validating a user’s identity prior to updating their password,” Wordfence explained.
“This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.”
Although the patch has already been released, accounts that are still running older versions are at risk of takeover, with attacks seen to have started on May 20. By June 7, researchers were observing wide-scale attacks – Wordfence has now blocked more than 23,000 attack attempts.
Wordfence also disclosed a number of key IP addresses seen to be attacking sites – many making thousands of attempts each.
“One obvious sign of infection is if a site’s administrator is unable to log in with the correct password as it may have been changed as a result of this vulnerability,” the researchers explained.
The biggest change users of the ‘Motors’ theme can do is to update to version 5.6.68, closing the vulnerability to attackers and securing their accounts from takeovers.
Via BleepingComputer
