A critical privilege escalation vulnerability has been discovered in the premium Motors WordPress theme, enabling unauthenticated attackers to hijack administrator accounts and take full control of affected websites.

The flaw, tracked as CVE-2025-4322, was disclosed by Wordfence and has been added to the National Vulnerability Database (NVD).

Developed by StylemixThemes, Motors is a top-selling automotive theme widely used by car dealerships, rental companies, and vehicle listing platforms. With over 22,300 sales on Envato and thousands of active users, the theme is a critical component for many businesses.

According to Wordfence, the vulnerability affects all versions up to and including 5.6.67 and stems from improper identity validation during password updates. “This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators,” the report states. Once compromised, attackers can implant malware, steal sensitive data, or redirect site traffic.

A patched version, Motors 5.6.68, was released on May 14, 2025. Site administrators are urged to immediately update to the latest version.
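To confirm which installs still run an affected release, the version can be read from each theme's `style.css` header and compared against 5.6.68. The following is an added example, not code from Wordfence or StylemixThemes; it assumes the theme's header declares a `Theme Name` containing "Motors", and the directory names and sample headers are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (5, 6, 68)  # first patched release, per the article

def parse_header(css_text):
    """Collect 'Key: value' fields from the style.css header comment."""
    fields = {}
    # WordPress reads only the first 8 KB of the file for header data.
    for m in re.finditer(r"^[ \t/*#@]*([A-Za-z ]+?)\s*:\s*(.+?)\s*$", css_text[:8192], re.M):
        fields.setdefault(m.group(1).strip().lower(), m.group(2).strip())
    return fields

def version_tuple(text):
    return tuple(int(n) for n in re.findall(r"\d+", text))

def audit(themes_dir, name_match="motors"):
    """Return sorted (directory, version, needs_update) for matching parent themes."""
    findings = []
    for css in Path(themes_dir).glob("*/style.css"):
        hdr = parse_header(css.read_text(encoding="utf-8", errors="replace"))
        if name_match not in hdr.get("theme name", "").lower():
            continue
        if "template" in hdr:  # child theme: its version number is its own
            continue
        version = hdr.get("version", "")
        parsed = version_tuple(version)
        # A missing or unparsable version is flagged rather than assumed safe.
        findings.append((css.parent.name, version, not parsed or parsed < FIXED))
    return sorted(findings)

def demo():
    """Audit a constructed themes directory (sample headers, not real theme files)."""
    samples = {
        "motors": "/*\nTheme Name: Motors\nVersion: 5.6.67\n*/\nbody { color: red; }\n",
        "motors-patched": "/*\nTheme Name: Motors\nVersion: 5.6.68\n*/\n",
        "motors-child": "/*\nTheme Name: Motors Child\nTemplate: motors\nVersion: 1.0\n*/\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, css in samples.items():
            (Path(root) / name).mkdir()
            (Path(root) / name / "style.css").write_text(css, encoding="utf-8")
        return audit(root)

if __name__ == "__main__":
    for directory, version, needs_update in demo():
        print(directory, version, "UPDATE NEEDED" if needs_update else "ok")
```

Point `audit()` at a site's `wp-content/themes` directory to check a real install. Child themes are skipped because their `Version` field describes the child, not the parent theme that carries the flaw.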

