Penetration Testing Tools

WordPress “Motors” Theme Critical Flaw (CVE-2025-4322, CVSS 9.8): Unauthenticated Account Takeover & Mass Exploitation Underway

by ddos · June 24, 2025

A critical vulnerability discovered in the WordPress visual theme “Motors” has enabled hackers to seize administrative privileges en masse, granting them full control over compromised websites. Identified as CVE-2025-4322, the flaw represents a privilege escalation issue and was uncovered on May 2, 2025. The security team at Wordfence conducted the investigation and issued a public advisory on May 19, urging users to apply the patch without delay.

“Motors” is a commercial WordPress template developed by StylemixThemes. In WordPress terminology, a “theme” defines the site’s visual design, user interface layout, and display format, often incorporating additional functionality. Widely adopted among automotive-related platforms—from dealership websites to vehicle marketplaces—Motors has been downloaded more than 22,460 times via the EnvatoMarket marketplace.

The vulnerability affects all versions up to and including 5.6.68. A patch was released on May 14; however, many administrators had yet to update, and by May 20—just a day after public disclosure—exploitation attempts had already begun. As of June 7, Wordfence had recorded over 23,100 instances of active exploitation.

The root of the issue lies within the built-in “Login Register” widget, which manages authentication, registration, and password recovery. The vulnerability stems specifically from flawed logic in the password reset mechanism.

The attack begins with the identification of an active path to the login form—typically URLs such as /login-register, /account, /reset-password, or /signin. The attacker then initiates a series of POST requests containing deliberately malformed data, continuing until the server confirms the presence of the target endpoint.

Within the body of a successful request, a malicious value is passed to the ‘hash_check’ parameter, encoded with invalid UTF-8 characters. This causes the hash validation to fail open: the request is mistakenly treated as legitimate and the password reset is permitted.

The attacker then injects a new password into the ‘stm_new_password’ parameter and designates a user ID—commonly ID=1, corresponding to the original administrator account.

As a result, the hacker overrides the admin password, gains access to the site’s backend, and can create additional privileged accounts to maintain control.
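As an added illustration, not code from the Motors theme or from Wordfence's analysis, the PHP below shows one way a reset-hash check can fail open in the manner described above (a sanitizer turns an invalid-UTF-8 `hash_check` into an empty string, which then compares equal to the empty stored hash of a user who never requested a reset) beside a hardened check that rejects malformed tokens, requires a pending reset and compares in constant time. The `sanitize_like_wp` and `stored_reset_hash` helpers are assumed stand-ins for WordPress's sanitizer and user-meta lookup so the file runs on its own.

```php
<?php
// Constructed illustration (not the Motors theme's code) of a reset-hash check
// that fails open when malformed input is sanitized before comparison, beside a
// hardened version. The two helpers stand in for WordPress functions.

// Stand-in for sanitize_text_field(): like WordPress's wp_check_invalid_utf8(),
// it returns an empty string when the input is not valid UTF-8.
function sanitize_like_wp(string $value): string {
    if (!mb_check_encoding($value, 'UTF-8')) {
        return '';
    }
    return trim(strip_tags($value));
}

// Stand-in for get_user_meta($user_id, 'reset_hash', true): a user with no
// pending reset has no stored hash, which comes back as ''.
function stored_reset_hash(int $user_id, array $meta): string {
    return $meta[$user_id] ?? '';
}

// WEAK: sanitize first, then compare loosely. Invalid UTF-8 collapses to '',
// which equals the '' of any user without a pending reset (such as ID 1).
function weak_hash_check(string $hash_check, int $user_id, array $meta): bool {
    $submitted = sanitize_like_wp($hash_check);
    return $submitted == stored_reset_hash($user_id, $meta);
}

// HARDENED: reject malformed, empty or oddly shaped tokens before any lookup,
// require a non-empty stored hash, and compare in constant time.
function hardened_hash_check(string $hash_check, int $user_id, array $meta): bool {
    if ($hash_check === '' || !mb_check_encoding($hash_check, 'UTF-8')) {
        return false;                                // fail closed on bad input
    }
    if (!preg_match('/^[A-Za-z0-9]{32,64}$/', $hash_check)) {
        return false;                                // enforce the known token shape
    }
    $stored = stored_reset_hash($user_id, $meta);
    if ($stored === '') {
        return false;                                // no reset was ever requested
    }
    return hash_equals($stored, $hash_check);
}

// Constructed scenario: the admin (ID 1) has no pending reset; user 7 does.
$meta      = [7 => 'f3a9c1e2b4d5a6f7e8b9c0d1e2f3a4b5'];
$malformed = "\xC3\x28";                             // invalid UTF-8 byte sequence
var_dump(weak_hash_check($malformed, 1, $meta));      // accepted: fails open
var_dump(hardened_hash_check($malformed, 1, $meta));  // rejected
var_dump(hardened_hash_check('f3a9c1e2b4d5a6f7e8b9c0d1e2f3a4b5', 7, $meta));
```

The same fail-closed ordering applies to any reset or verification token: validate shape and encoding, confirm a pending request exists, then compare with `hash_equals`.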

Wordfence warns that telltale signs of compromise include unexpected lockouts of existing admin credentials and the appearance of unfamiliar accounts with elevated privileges—clear indicators of CVE-2025-4322 exploitation.

The report also lists IP addresses associated with the attacks, recommending that site owners temporarily block these sources at the web server level to mitigate automated intrusion attempts.

Researchers have identified specific credentials used by attackers during password injection:

  • Testtest123!@#
  • rzkkd$SP3znjrn
  • Kurd@Kurd12123
  • owm9cpXHAZTk
  • db250WJUNEiG

The presence of any of these passwords in logs or the admin panel should prompt an immediate and thorough security review. All users of the Motors theme are strongly advised to update to version 5.6.68 without delay, audit the list of administrator accounts, and scrutinize activity logs for any signs of irregular behavior.
