A serious privilege escalation vulnerability has been identified in the premium WordPress theme Motors, enabling unauthenticated attackers to take over administrator accounts and gain complete control of websites.<\/p>\n
Motors, developed by StylemixThemes, is a widely acclaimed automotive theme utilized by various automotive enterprises, including car dealerships, rental services, and vehicle listing platforms. With over 22,300 sales on the Envato Market and a significant community presence manifested by numerous user reviews and comments, it is among the top-selling themes in its category.<\/p>\n
The vulnerability, designated as CVE-2025-4322, was recently disclosed by Wordfence and has been cataloged in the National Vulnerability Database. This issue affects all versions of the Motors theme up to and including 5.6.67.<\/p>\n
The root of this vulnerability lies in the theme\u2019s failure to adequately verify a user\u2019s identity before allowing password updates. This oversight permits unauthenticated attackers to alter the passwords of arbitrary users, including administrators, thereby facilitating unauthorized access.<\/p>\n
Once an attacker secures administrator-level access, the potential consequences include the deployment of malware, data exfiltration of sensitive member information, and the redirection of visitors to harmful websites.<\/p>\n
In response to this critical vulnerability, StylemixThemes released an updated version, 5.6.68, on May 14, 2025, addressing CVE-2025-4322.<\/p>\n
Given the fundamental role of WordPress themes in website functionality, it is crucial that users of the Motors theme upgrade to the latest version promptly. The vendor has provided a thorough online guide detailing the update process, including methods for updating through the WordPress panel, the Envato API, or manually via FTP.<\/p>\n
It is advisable to back up websites prior to any theme updates to mitigate the risk of potential data loss. While this issue does not affect a WordPress plugin currently in widespread use, it remains a significant security concern.<\/p>\n
Considering the pricing of $79 for a standard license and $2,000 for an extended license, the Motors theme is predominantly deployed on active websites, especially those associated with commercial operations.<\/p>\n","protected":false},"excerpt":{"rendered":"
A serious privilege escalation vulnerability has been identified in the premium WordPress theme Motors, enabling unauthenticated attackers to take over…<\/p>\n","protected":false},"author":1,"featured_media":1313,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"Default","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[28],"tags":[535,108,321],"class_list":["post-1312","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-password","tag-vulnerability","tag-website"],"acf":[],"yoast_head":"\n