Advisory

Critical security vulnerability in Premium WordPress Motors theme allows unauthenticated account takeover

Take action: If you are running the Motors theme on your WordPress site, update IMMEDIATELY! Your site is vulnerable and an attacker will compromise it. Don't delay this one, it's urgent and important!


Learn More

A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, a theme widely used by automotive businesses worldwide.

This vulnerability is tracked as CVE-2025-4322 (CVSS score 9.8) - Unauthenticated Privilege Escalation via Password Update/Account Takeover. It allows unauthenticated attackers to hijack administrator accounts and take complete control of the website. The flaw is caused by the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.

The exploitation of this vulnerability requires no authentication.

Once an attacker gains administrative access, they could install malware on the website, exfiltrate database contents and sensitive member details, take full control of the content, or redirect visitors to dangerous sites.

The vulnerability affects all versions of the Motors theme up to and including 5.6.67. 

StylemixThemes released Motors version 5.6.68 on May 14, 2025. Website owners using the Motors theme are strongly advised to update immediately.
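To confirm whether an install is still on an affected release, the following added example (not part of the original advisory or the theme's code) reads the `Version:` header that WordPress themes declare in `style.css` and compares it with the fixed release 5.6.68. The theme directory name `motors` and the sample header are assumptions; adjust the path to the actual install.

```python
import re
from pathlib import Path

FIXED_VERSION = (5, 6, 68)  # first patched release, per the advisory

# WordPress reads theme metadata from the comment header of style.css.
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*([0-9][0-9.]*)", re.I | re.M)


def parse_theme_version(style_css_text):
    """Return the theme version as a tuple of ints, or None if absent."""
    # Only the start of the file is searched, as WordPress does (about 8 KiB).
    m = _VERSION_RE.search(style_css_text[:8192])
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".") if p)


def is_vulnerable(version):
    """True for every release up to and including 5.6.67."""
    if version is None:
        return True  # unknown version: treat as unpatched until verified
    # Pad short versions so that (5, 7) compares correctly with (5, 6, 68).
    padded = version + (0,) * (len(FIXED_VERSION) - len(version))
    return padded < FIXED_VERSION


def audit_wp_root(wp_root, theme_dir="motors"):
    """Check wp-content/themes/<theme_dir>/style.css under a WordPress root.
    theme_dir="motors" is an assumed directory name, not taken from the advisory."""
    css = Path(wp_root) / "wp-content" / "themes" / theme_dir / "style.css"
    if not css.is_file():
        return "not-installed"
    version = parse_theme_version(css.read_text(encoding="utf-8", errors="replace"))
    return "vulnerable" if is_vulnerable(version) else "patched"


# Constructed sample header for illustration, not copied from the real theme.
SAMPLE = """/*
Theme Name: Motors
Version: 5.6.67
*/"""

if __name__ == "__main__":
    v = parse_theme_version(SAMPLE)
    print(v, "vulnerable" if is_vulnerable(v) else "patched")
```

Run `audit_wp_root("/path/to/wordpress")` against each site root; a result of `vulnerable` also covers a `style.css` with no readable version header, which should be checked by hand.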
