Critical Vulnerability in WordPress Motors Theme Exploited by Hackers

Hackers are actively exploiting a critical privilege escalation vulnerability in the popular WordPress theme “Motors,” risking the security of thousands of websites by hijacking administrator accounts. The flaw, tracked as CVE-2025-4322, was identified by Wordfence, which issued a warning urging users to upgrade immediately to safeguard their sites.

Developed by StylemixThemes, the Motors theme is favored in the automotive sector, with over 22,460 sales on Envato Market. The vulnerability was discovered on May 2, 2025, and announced on May 19, impacting all versions up to 5.6.67. It stems from improper user identity validation during password updates, enabling unauthenticated attackers to change administrator passwords.

Despite StylemixThemes releasing an updated version 5.6.68 on May 14, 2025, many users remained vulnerable, as highlighted by Wordfence. The exploitation surged shortly after the disclosure, with attacks beginning on May 20 and escalating exponentially, resulting in over 23,100 blocked attempts by June 7.

The exploit works through the theme’s “Login Register” widget. Attackers send specially crafted POST requests containing invalid UTF-8 characters to the widget’s URL, successfully manipulating the password reset logic. Wordfence documented various attacker-set passwords, including unconventional strings like Testtest123!@# and Kurd@Kurd12123, pointing towards a concerning trend in automated hacks. Site owners have been advised to monitor for unexpected admin accounts and implement IP blocklists to mitigate these attacks.
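The two mitigations named above (watching for suspicious activity and building an IP blocklist) can be partly automated from ordinary web server access logs. The Python script below is an added example written for this article, not code from Wordfence or StylemixThemes. It parses Combined Log Format lines, keeps only POST requests to the widget page, percent-decodes the request target and flags any whose bytes are not valid UTF-8, then counts hits per source IP to produce a candidate blocklist. The widget path `/login-register/`, the query parameter names, the IP addresses and the log lines themselves are all constructed placeholders; substitute the real page path of the site's "Login Register" widget. Note the limitation: a default access log records only the request line, so invalid bytes sent in the POST body are visible only to a WAF or with request body logging enabled.

```python
"""Flag POST requests to a given page whose request target is not valid UTF-8.

Added example for defenders. Paths, parameter names and log lines are
constructed placeholders, not the Motors theme's real endpoints or traffic.
"""
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# Combined Log Format (Apache/nginx default): ip ident user [time] "method target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)

# Constructed sample log (RFC 5737 documentation addresses, placeholder widget path).
# Lines 1, 2 and 5 carry percent-encoded byte sequences that do not decode as UTF-8;
# line 4 carries a valid non-ASCII value ("caf%C3%A9" == "café") and must NOT be flagged.
SAMPLE_LOG = """\
203.0.113.10 - - [20/May/2025:10:01:22 +0000] "POST /login-register/?field=%C3%28 HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.10 - - [20/May/2025:10:01:25 +0000] "POST /login-register/?field=%E2%82 HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.7 - - [20/May/2025:10:02:01 +0000] "GET /index.php HTTP/1.1" 200 8190 "-" "Mozilla/5.0"
198.51.100.7 - - [20/May/2025:10:02:09 +0000] "POST /login-register/?user=caf%C3%A9 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [20/May/2025:10:03:40 +0000] "POST /login-register/?field=%FF%FE HTTP/1.1" 200 512 "-" "curl/8.4"
"""


def has_invalid_utf8(target: str) -> bool:
    """Return True when the percent-decoded request target is not valid UTF-8.

    unquote_to_bytes() turns "%C3%28" into b"\\xc3(" without trying to decode it,
    so the strict UTF-8 decode below is what actually detects the bad bytes.
    """
    try:
        unquote_to_bytes(target).decode("utf-8")
    except UnicodeDecodeError:
        return True
    return False


def scan(log_text: str, widget_path: str) -> list[tuple[str, str, str]]:
    """Return (ip, timestamp, target) for each POST to widget_path with invalid UTF-8."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue  # unparseable line; a real deployment would log and count these
        if m["method"] != "POST" or not m["target"].startswith(widget_path):
            continue
        if has_invalid_utf8(m["target"]):
            hits.append((m["ip"], m["ts"], m["target"]))
    return hits


def candidate_blocklist(hits: list[tuple[str, str, str]], threshold: int = 1) -> list[str]:
    """Sorted source IPs that produced at least `threshold` flagged requests."""
    counts = Counter(ip for ip, _, _ in hits)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG, "/login-register/")
    for ip, ts, target in found:
        print(f"{ts} {ip} {target}")
    print("candidate blocklist:", candidate_blocklist(found, threshold=2))
```

The threshold keeps a single malformed request from a legitimate client (a broken browser extension, a mistyped URL) out of the blocklist; the flagged lines themselves are still worth reviewing alongside the admin user list, since the point is the password change, not the request. Updating the theme to 5.6.68 or later removes the root cause; this script only shortens the window in which an unpatched site is being hit.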