A popular WordPress theme is kidnapped by malware - what we know here

‘Motors’ WordPress Theme takes the via -objection account which is open to takeover attacks
Wide attacks from 7 June
A patch version is available in 5.6.68, so update now

A popular Premium WordPress theme, thanks to an important privilege escapetation defect by hackers, which has been tracked as CVE-2025–4322.

The attackers are capable of taking advantage of vulnerability in the abduction administrator accounts in the ‘Motors’ themes, complete control of sites to change details, to inject false details and spread malicious payloads.

A popular pick, about 22,500 sales of the subject, developed by stylemixthemes and a popular pick, is logged on envatomarket.

‘Motors’ WordPress theme is kidnapped

The vulnerability was first discovered on May 2, 2025, later on 14 May with a patch released with an edition 5.6.68, which means that up-to-date accounts should be protected from potential account acquisition. Editions up to 5.6.67 are affected by Cve, with WordFence Reporting on details on May 19.

“This is due to the topic that the user’s identity is not properly valid before updating their passwords,” Wordfense explained.

“This makes it possible for informal attackers to change arbitrary user passwords, including administrators, and take advantage of this to get access to their account.”

Although the patch has already been released, the old version -running accounts are the threat of takeover, with the attacks starting on 20 May. Until 7 June, researchers were observing wide-scale attacks-Wordfenns have now blocked more than 23,000 attack efforts.

Wordfense also revealed several major IP addresses, which were seen to attack the sites – many attempts.

“A clear indication of the infection is that if the administrator of a site is unable to log in with the right password because it has been replaced as a result of this vulnerability,” the researchers explained.

The biggest change of ‘Motors’ theme is to update the user 5.6.68 version, closing vulnerability for the attackers and securing their accounts from takeover.

Through BlappingCopper

What's Hot

I tried 0patch as a last resort for my Windows 10 PC – here’s how it compares to its promises

A PC Expert Explains Why Don’t Use Your Router’s USB Port When These Options Are Present

New ‘Remote Labor Index’ shows AI fails 97% of the time in freelancer tasks

Meta is reportedly planning to raise the prices of a popular product

Ring vs. Blink: I compared the two most popular security camera brands, and here’s which one wins

This popular Fitbit is $80 off, and comes with a $20 Amazon credit — here’s how to cash in

Microsoft’s new text editor is a VIM and Nano option

The best luxury car for buyers for the first time in 2025

Massives Datenleck in Cloud-Spichenn | CSO online

Most Popular

Google tests AI-operated audio overview in search results for some questions

Yes, this was the original voice of the Garat in the trailer for the thief VR

Best LC10 loadout in call of duty: Warzone

Our Picks

I tried 0patch as a last resort for my Windows 10 PC – here’s how it compares to its promises

A PC Expert Explains Why Don’t Use Your Router’s USB Port When These Options Are Present

New ‘Remote Labor Index’ shows AI fails 97% of the time in freelancer tasks

Subscribe to Updates

What's Hot

A popular WordPress theme is kidnapped by malware – what we know here

Related Posts

Subscribe to Updates