A popular WordPress theme has been hijacked by malware - here's what we know
Update this WordPress theme now

- 'Motors' WordPress theme vulnerability leaves accounts open to takeover attacks
- Widespread attacks were observed from June 7 onwards
- A patch is available in version 5.6.68, so update now
A popular premium WordPress theme has been exploited by hackers thanks to a critical privilege escalation flaw tracked as CVE-2025-4322.
Attackers are able to exploit the vulnerability in the 'Motors' theme to hijack administrator accounts, taking full control of sites to change details, inject false details and spread malicious payloads.
Developed by StylemixThemes and a popular pick among automotive websites, nearly 22,500 sales of the theme have been logged on EnvatoMarket.
'Motors' WordPress theme has been hijacked
The vulnerability had first been discovered on May 2, 2025, with a patch later released with version 5.6.68 on May 14, meaning that up-to-date accounts should be protected from potential account takeovers. Versions up to 5.6.67 are affected by the CVE, with Wordfence reporting on the details on May 19.
"This is due to the theme not properly validating a user's identity prior to updating their password," Wordfence explained.
"This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account."
Although the patch has already been released, accounts that are still running older versions are at risk of takeover, with attacks seen to have started on May 20. By June 7, researchers were observing wide-scale attacks – Wordfence has now blocked more than 23,000 attack attempts.
Wordfence also disclosed a number of key IP addresses seen to be attacking sites – many making thousands of attempts each.
"One obvious sign of infection is if a site’s administrator is unable to log in with the correct password as it may have been changed as a result of this vulnerability," the researchers explained.
The most important step users of the 'Motors' theme can take is to update to version 5.6.68, closing the vulnerability to attackers and securing their accounts from takeovers.
Via BleepingComputer
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!