Premium WordPress 'Motors' theme vulnerable to admin takeover attacks
Published on: 2025-06-30 20:46:18
A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete control of websites.
Developed by StylemixThemes, Motors is one of the top-selling automotive themes for the WordPress platform. It is very popular among automotive businesses such as car dealerships, rental services, and used vehicle listing platforms.
It has over 22,300 sales on the Envato market, with hundreds of user reviews and thousands of comments, indicating a highly active community around it.
The flaw, tracked as CVE-2025-4322, was publicly disclosed by Wordfence earlier today and added to the National Vulnerability Database (NVD).
It is a privilege escalation problem impacting all versions of the Motors theme up to and including 5.6.67.
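To triage against the affected range stated above, the following added example (not code from Wordfence, StylemixThemes or the original article) walks a `wp-content/themes` directory, reads each theme's `style.css` header and flags Motors installs at or below 5.6.67. The directory slug `motors` and the header name `Motors` are assumptions about how the theme is installed; the sample themes in the demo are constructed.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (5, 6, 67)  # article: all versions up to and including 5.6.67
MOTORS_SLUG = "motors"      # assumption: theme directory / "Theme Name" header value

def read_header(style_css: Path) -> dict:
    """Parse the 'Key: value' comment header at the top of a theme's style.css."""
    head = style_css.read_text(encoding="utf-8", errors="replace")[:8192]
    fields = {}
    for m in re.finditer(r"^[ \t/*#@]*([A-Za-z ]+?)\s*:\s*(.+?)\s*$", head, re.M):
        fields.setdefault(m.group(1).strip().lower(), m.group(2).strip())
    return fields

def parse_version(text: str):
    m = re.match(r"(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def audit_themes(themes_root) -> list:
    """Return (directory, version header, status) for Motors and its child themes."""
    findings = []
    for css in sorted(Path(themes_root).glob("*/style.css")):
        hdr = read_header(css)
        slug = css.parent.name
        is_motors = slug == MOTORS_SLUG or hdr.get("theme name", "").lower() == MOTORS_SLUG
        if not is_motors:
            # A child theme runs the parent's code, so the parent's version decides.
            if hdr.get("template", "").lower() == MOTORS_SLUG:
                findings.append((slug, None, "child-of-motors"))
            continue
        ver = parse_version(hdr.get("version", ""))
        if ver is None:
            status = "unknown-version"  # treat as affected until confirmed
        elif ver <= LAST_AFFECTED:
            status = "affected"
        else:
            status = "not-affected"
        findings.append((slug, hdr.get("version"), status))
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for slug, ver in (("motors", "5.6.67"), ("motors-copy", "5.6.68")):  # constructed
            p = Path(root, slug); p.mkdir()
            (p / "style.css").write_text(f"/*\nTheme Name: Motors\nVersion: {ver}\n*/\n")
        print(audit_themes(root))
```

Point `audit_themes` at each site's real `wp-content/themes` path; an inactive but installed copy is still worth flagging for update or removal.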
"This (vulnerability) is due to the theme not properly validating a user's identity prior to updating their password," explains Wordfence.
"Thi