What is CVE-2025-4322?

CVE-2025-4322 (CVSS score 9.8) is a critical privilege escalation vulnerability affecting WordPress websites using the popular 'Motors' automotive theme. The flaw allows unauthenticated attackers to hijack administrator accounts and gain complete control of targeted sites by changing arbitrary user passwords, including those of administrators.

What causes the CVE-2025-4322 vulnerability?

The vulnerability is caused by the Motors theme not properly validating a user's identity prior to updating their password. This authentication bypass allows unauthenticated attackers to change passwords for any user account, including site administrators.

What is the Motors WordPress theme?

Motors is a popular WordPress theme designed for automotive websites, dealerships, and car-related businesses. It's widely used across many WordPress sites, making this vulnerability particularly impactful for the automotive industry online presence.

When did the exploitation of this vulnerability begin?

Following the public disclosure on May 19, 2025, threat actors began targeting vulnerable sites almost immediately. Mass exploitation was observed beginning on June 7th, 2025, with attackers quickly weaponizing the vulnerability for widespread attacks.

How widespread are the attacks on Motors theme websites?

Since mass exploitation began on June 7th, 2025, the Wordfence Firewall has blocked over 23,100 exploit attempts, indicating a significant and ongoing campaign targeting WordPress sites using the vulnerable Motors theme.

What passwords are attackers commonly using?

Common attacker-set passwords observed during attacks include Testtest123!@#, rzkkd$SP3znjrn, Kurd@Kurd12123, owm9cpXHAZTk, and db250WJUNEiG. These passwords are used to replace existing administrator passwords after successful exploitation.

What do attackers do after gaining access through CVE-2025-4322?

Once access is gained, attackers log into the WordPress dashboard as administrators and create new admin accounts for persistence. This allows them to maintain access even if the original compromised account is discovered and secured.

How can website owners fix the CVE-2025-4322 vulnerability?

Website administrators using the Motors theme should immediately update to version 5.6.68 or newer, which contains the fix for this critical vulnerability. This update should be applied as an urgent priority.

What should administrators do if they suspect their site was compromised?

Administrators should immediately update to Motors theme version 5.6.68 or newer, review logs for evidence of unauthorized password changes and unauthorized access, check for new administrator accounts that weren't created by legitimate users, change all administrator passwords, and conduct a thorough security audit of their WordPress installation.

Why is this vulnerability particularly dangerous?

This vulnerability is particularly dangerous because it has a critical CVSS score of 9.8, requires no authentication to exploit, allows complete takeover of WordPress sites, affects a popular theme used across many automotive websites, and is being actively exploited in mass attacks with over 23,100 blocked attempts.

Are these attacks still ongoing?

Yes, these attacks are still ongoing as of June 2025. The continuous blocking of over 23,100 exploit attempts by security services indicates that threat actors are actively scanning for and exploiting vulnerable Motors theme installations. Website owners should treat this as an active and immediate threat.

Attack

Active exploitation of critically vulnerable WordPress Motors theme

Q: What are the signs that a Motors theme website has been compromised?

Website administrators should watch for the sudden appearance of new administrator accounts combined with existing administrators being locked out of their accounts. These are clear signs of CVE-2025-4322 exploitation and unauthorized access.

published: June 21, 2025

Take action: If you are running Motors theme on your Wordpress, update IMMEDIATELY! Your site is vulnerable and hackers are attacking it. Don't delay this one, it urgent and important!

Learn More

WordPress websites using the popular "Motors" automotive theme are under active attack following the disclosure of a critical privilege escalation vulnerability that allows unauthenticated attackers to hijack administrator accounts and gain complete control of targeted sites.

The exploited flaw is tracked as CVE-2025-4322 (CVSS score 9.8) is caused by the theme not properly validating a user's identity prior to updating their password, making it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators.

Following the public disclosure on May 19, threat actors began targeting vulnerable sites almost immediately, with mass exploitation observed beginning on June 7th, 2025. Since then, the Wordfence Firewall has blocked over 23,100 exploit attempts.

Common attacker-set passwords observed during attacks include:

Testtest123!@#
rzkkd$SP3znjrn
Kurd@Kurd12123
owm9cpXHAZTk
db250WJUNEiG

Once access is gained, the attackers log into the WordPress dashboard as administrators and create new admin accounts for persistence. Website administrators should watch for sudden appearance of new administrator accounts combined with existing administrators being locked out, as these are signs of CVE-2025-4322 exploitation.

Website administrators using the Motors theme should immediately update to version 5.6.68 or newer and review logs for evidence of unauthorized password changes and unauthorized access.

Active exploitation of critically vulnerable WordPress Motors theme

Read More
Critical Cisco Smart Licensing Utility flaws actively exploited …
VMware reports public exploit of vRealize RCE vulnerability
Microsoft reports active exploitation of Paragon Partition Manager …
CISA warns of active exploitation of Windows SMB …
Craft CMS zero-Day vulnerabilities actively exploited