- ‘Motors’ WordPress theme vulnerability leaves accounts open to takeover attacks
- Widespread attacks were observed from 7 June
- A patch is available in version 5.6.68, so update now
A popular premium WordPress theme was exploited by hackers thanks to a critical privilege escalation flaw tracked as CVE-2025-4322.
Attackers can exploit the vulnerability in the ‘Motors’ theme to hijack administrator accounts and take full control over sites to change details, inject false details and spread malicious payloads.
Developed by StylemixThemes and a popular choice among automotive websites, the theme has nearly 22,500 recorded sales on Envato Market.
‘Motors’ WordPress theme is hijacked
The vulnerability was first discovered on 2 May 2025, and a patch was later released with version 5.6.68 on 14 May, which means that accounts on up-to-date sites should be protected against potential account takeovers. Versions up to 5.6.67 are affected by the CVE, and Wordfence reported the details on 19 May.
“This is due to the theme not correctly validating the identity of a user before they update their password,” Wordfence explained.
“This makes it possible for non-authorized attackers to change random user passwords, including those of managers, and to use that to gain access to their account.”
Although the patch has already been released, accounts on sites that are still running older versions remain at risk of takeover, with attacks seen on 20 May. By 7 June, researchers observed large-scale attacks; Wordfence has now blocked more than 23,000 attack attempts.
Wordfence also revealed a number of key IP addresses that were seen attacking sites, many of which each made thousands of attempts.
“A clear sign of infection is if the manager of a site is unable to log in with the correct password, because it may have changed as a result of this vulnerability,” the researchers explained.
The biggest change that users of ‘Motors’ can make is to update to version 5.6.68, closing the vulnerability to attackers and securing their accounts against takeover.
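As an added example (not code from the article, Wordfence or the theme's developer), the following Python script audits a WordPress themes directory for copies of the theme older than the patched 5.6.68. It assumes the theme identifies itself with "Motors" in the `Theme Name` header of its `style.css`; the sample theme files are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (5, 6, 68)  # patched release named in the article
HEADER = re.compile(r"^[ \t/*#@]*(Theme Name|Version|Template):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def parse_header(css_text):
    """Read the style.css header fields WordPress uses to identify a theme."""
    fields = {}
    for key, value in HEADER.findall(css_text[:8192]):  # header sits at the top of the file
        fields.setdefault(key.lower(), value)
    return fields

def version_tuple(version):
    """'5.6.67' -> (5, 6, 67); missing components count as 0."""
    parts = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(themes_dir, name_match="motors"):
    """Return (directory, version, needs_update) per matching parent theme.

    name_match is an assumption about how the theme names itself."""
    findings = []
    for css in sorted(Path(themes_dir).glob("*/style.css")):
        header = parse_header(css.read_text(encoding="utf-8", errors="replace"))
        if name_match not in header.get("theme name", "").lower() or "template" in header:
            continue  # not the theme, or a child theme (the parent's version is what matters)
        version = header.get("version")
        needs_update = version is None or version_tuple(version) < FIXED
        findings.append((css.parent.name, version, needs_update))
    return findings

def demo():
    """Run the audit over constructed sample themes (not real site data)."""
    samples = {
        "motors": "/*\nTheme Name: Motors\nVersion: 5.6.67\n*/",
        "motors-staging": "/*\r\n Theme Name: Motors\r\n Version: 5.6.68\r\n*/",
        "motors-child": "/*\nTheme Name: Motors Child\nTemplate: motors\nVersion: 1.0\n*/",
        "other": "/*\nTheme Name: Other\nVersion: 1.2\n*/",
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, css in samples.items():
            (Path(root) / folder).mkdir()
            (Path(root) / folder / "style.css").write_text(css, encoding="utf-8")
        return audit(root)

if __name__ == "__main__":
    for folder, version, needs_update in demo():
        print(f"{folder}: {version} -> {'UPDATE to 5.6.68' if needs_update else 'patched'}")
```

On a real site, point `audit()` at the `wp-content/themes` directory; a copy with no readable version is reported as needing an update so it gets checked by hand.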