Vulnerability in a premium WordPress theme allows full admin takeover
- ‘Motors’ allowed threat actors to take over admin accounts
- This enabled full website takeover
- The developers have released a fix
Motors, a premium theme for WordPress, carried a critical-severity vulnerability that enabled malicious actors to fully take over compromised websites.
The privilege escalation flaw, caused by the theme improperly validating a user's identity before updating passwords, is now tracked as CVE-2025-4322 and has a severity score of 9.8/10 (critical).
Security researchers at Wordfence, who first spotted the bug, explained how threat actors could use it to “change random user passwords, including those of managers, and to use access to their account.”
Premium themes
Access to an admin account grants malicious actors all kinds of privileges, including full takeover of the website. All versions up to 5.6.68 are affected. The update that addresses the flaw was released on May 14, 2025. Because themes are not as easy to disable or swap out as plugins, users are advised to update Motors as quickly as possible.
Motors is a WordPress theme designed for car dealers, classified listings, car rental, boats, repair services and motorcycle dealers. It was developed by a company called StylemixThemes and, according to BleepingComputer, is one of the best-selling themes of its kind. On the Envato market it sells for $79 and it has been sold more than 22,300 times.
WordPress is the world's number one website builder platform, powering more than half of all websites on the internet. This also makes it an important target for cybercriminals, but because the platform itself is generally secure, hackers look for exploits in themes and add-ons, which they use as stepping stones for further compromise.
At the beginning of March of this year, for example, news broke that malicious JavaScript code had been deployed on more than 1,000 WordPress websites after add-ons were compromised. Users are advised to keep only the add-ons that they actually use and to always keep them up to date.