
WordPress Motors theme flaw mass-exploited to hijack admin accounts


Hackers are exploiting a critical privilege escalation vulnerability in the WordPress theme "Motors" to hijack administrator accounts and gain complete control of a targeted site.

The malicious activity was spotted by Wordfence, which had warned last month about the severity of the flaw, tracked under CVE-2025-4322, urging users to upgrade immediately.

Motors, developed by StylemixThemes, is a WordPress theme popular among automotive-related websites. It has 22,460 sales on the Envato Market and is backed by an active community of users.

The privilege escalation vulnerability was discovered on May 2, 2025, and first reported by Wordfence on May 19. It impacts all versions up to and including 5.6.67.

The flaw arises from improper validation of the user's identity during password updates, allowing unauthenticated attackers to change administrator passwords at will.

StylemixThemes released Motors version 5.6.68, which addresses CVE-2025-4322, on May 14, 2025, but many users had not applied the update by the time of Wordfence's disclosure, leaving them exposed to an elevated risk of exploitation.
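An added example, not from Wordfence or StylemixThemes: a Python check that reads each installed theme's style.css header and flags Motors copies older than 5.6.68. The header-name match (a name starting with "Motors"), the child-theme handling via the Template field, and the sample headers are assumptions made for this illustration.

```python
import re
from pathlib import Path

FIXED = (5, 6, 68)  # first patched Motors release named in the article

def header(css, key):
    """Read one field from a WordPress style.css header (first 8 KB)."""
    m = re.search(r"^[ \t/*#@]*" + re.escape(key) + r":(.*)$", css[:8192], re.I | re.M)
    return m.group(1).strip() if m else None

def version_tuple(text):
    """'5.6.67' -> (5, 6, 67); None when there is no leading dotted number."""
    m = re.match(r"\d+(?:\.\d+)*", text or "")
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def assess(css):
    """Classify one style.css: not-motors, child-theme, unknown, vulnerable, patched."""
    name = header(css, "Theme Name") or ""
    # Assumption: the parent theme's header name starts with "Motors".
    if not name.lower().startswith("motors"):
        return "not-motors"
    if header(css, "Template"):   # child theme: its Version is not the parent's
        return "child-theme"
    ver = version_tuple(header(css, "Version"))
    if ver is None:
        return "unknown"          # review by hand rather than assume it is safe
    return "vulnerable" if ver < FIXED else "patched"

def scan(webroot):
    """Assess every theme under <webroot>/wp-content/themes, keyed by directory."""
    results = {}
    for css_path in sorted(Path(webroot).glob("wp-content/themes/*/style.css")):
        results[css_path.parent.name] = assess(css_path.read_text(errors="replace"))
    return results

# Constructed sample headers, not copied from the real theme.
SAMPLE_OLD = "/*\nTheme Name: Motors\nVersion: 5.6.67\n*/"
SAMPLE_NEW = "/*\nTheme Name: Motors\nVersion: 5.6.68\n*/"

if __name__ == "__main__":
    print(assess(SAMPLE_OLD), assess(SAMPLE_NEW))
```

A "child-theme" or "unknown" result means the parent theme's version still has to be confirmed separately.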

As Wordfence confirms in a new writeup, the attacks began on May 20, only a day after it publicly disclosed the details. Wide-scale attacks were observed by June 7, 2025, with Wordfence reporting that it blocked 23,100 attempts against its customers.

[Figure: Daily attack volumes. Source: Wordfence]

Attack process and signs of breach
