A critical security flaw tracked as CVE-2025-4322 has left a widely used premium WordPress theme exposed to attackers.
Cybercriminals have been exploiting this vulnerability in the Motors theme to seize administrator accounts, allowing them to fully compromise websites—modifying information, inserting fake content, and distributing malicious payloads.
Developed by StylemixThemes, Motors has become especially popular with automotive websites, recording nearly 22,500 purchases on EnvatoMarket. Security researchers first identified the flaw on May 2, 2025, and a fix was issued with version 5.6.68 on May 14. Users who have updated to this version are protected, while those still running versions up to 5.6.67 remain vulnerable.
“This is due to the theme not properly validating a user’s identity prior to updating their password,” Wordfence explained.
“This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.”
Despite the release of the patch, attacks began surfacing as early as May 20. By June 7, researchers observed widespread exploitation, with Wordfence reporting it had already blocked over 23,000 attack attempts. The firm also shared lists of IP add
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: