Skip to content

Information Security News

  • Home
  • Cyber Security
  • Cybercriminals
  • Data Leak
  • Google
    • Android
  • Information Security
  • Linux
  • Malware
  • Microsoft
    • Windows
  • Open Source Tool
  • Vulnerability
  • Technology

Information Security News

  • Home
  • Cyber Security
  • Cybercriminals
  • Data Leak
  • Google
    • Android
  • Information Security
  • Linux
  • Malware
  • Microsoft
    • Windows
  • Open Source Tool
  • Vulnerability
  • Technology
  • Vulnerability

WordPress “Motors” Theme Critical Flaw (CVE-2025-4322, CVSS 9.8): Unauthenticated Account Takeover & Mass Exploitation Underway

by Nam Phong · June 24, 2025

A critical vulnerability discovered in the WordPress visual theme “Motors” has enabled hackers to seize administrative privileges en masse, granting them full control over compromised websites. Identified as CVE-2025-4322, the flaw represents a privilege escalation issue and was uncovered on May 2, 2025. The security team at Wordfence conducted the investigation and issued a public advisory on May 19, urging users to apply the patch without delay.

“Motors” is a commercial WordPress template developed by StylemixThemes. In WordPress terminology, a “theme” defines the site’s visual design, user interface layout, and display format, often incorporating additional functionality. Widely adopted among automotive-related platforms—from dealership websites to vehicle marketplaces—Motors has been downloaded more than 22,460 times via the EnvatoMarket marketplace.

The vulnerability affects all versions up to and including 5.6.68. A patch was released on May 14; however, many administrators had yet to update, and by May 20—just a day after public disclosure—exploitation attempts had already begun. As of June 7, Wordfence had recorded over 23,100 instances of active exploitation.

The root of the issue lies within the built-in “Login Register” widget, which manages authentication, registration, and password recovery. The vulnerability stems specifically from flawed logic in the password reset mechanism.

The attack begins with the identification of an active path to the login form—typically URLs such as /login-register, /account, /reset-password, or /signin. The attacker then initiates a series of POST requests containing deliberately malformed data, continuing until the server confirms the presence of the target endpoint.

Within the body of a successful request, a malicious value is passed to the ‘hash_check’ parameter, encoded with invalid UTF-8 characters. This triggers a failure in the hash validation process, mistakenly marking the request as legitimate and permitting a password reset.

The attacker then injects a new password into the ‘stm_new_password’ parameter and designates a user ID—commonly ID=1, corresponding to the original administrator account.

As a result, the hacker overrides the admin password, gains access to the site’s backend, and can create additional privileged accounts to maintain control.

Wordfence warns that telltale signs of compromise include unexpected lockouts of existing admin credentials and the appearance of unfamiliar accounts with elevated privileges—clear indicators of CVE-2025-4322 exploitation.

The report also lists IP addresses associated with the attacks, recommending that site owners temporarily block these sources at the web server level to mitigate automated intrusion attempts.

Researchers have identified specific credentials used by attackers during password injection:

  • Testtest123!@#
  • rzkkd$SP3znjrn
  • Kurd@Kurd12123
  • owm9cpXHAZTk
  • db250WJUNEiG

The presence of any of these passwords in logs or the admin panel should prompt an immediate and thorough security review. All users of the Motors theme are strongly advised to update to version 5.6.68 without delay, audit the list of administrator accounts, and scrutinize activity logs for any signs of irregular behavior.

Related coverage

  • Adobe ColdFusion Critical Vulnerabilities Patched
  • CrowdStrike Exposes New Prompt Injection Techniques
  • Uncovering the Favicon Attack Surface
  • GamersFirst Anti-Cheat Driver Has 3 CVEs in Windows
  • 6 U-Boot Vulnerabilities Let Attackers Hijack Boot Process

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Tags: Account TakeoverCVE-2025-4322cybersecurityMotors ThemePatch Nowprivilege escalationvulnerabilityweb securityWordfenceWordPress

Follow:

  • Next story Cloudflare Mitigates Record 7.3 Tbps DDoS Attack: Largest Ever Recorded
  • Previous story Russian APT UNC6293 Exploits Google App Passwords to Bypass 2FA, Hacks Prominent Critics

  • Recent Posts
  • Popular Posts
  • Tags
  • ACSC CMS exploitation campaign web shells installed via WordPress and Joomla CVEs globally

    Cybercriminals

    ACSC Warns: CMS Campaign Installs Web Shells via 17 CVEs

    July 14, 2026

  • U-Boot FIT image signature verification vulnerabilities CVE Binarly bootloader exploit firmware

    Vulnerability

    6 U-Boot Vulnerabilities Let Attackers Hijack Boot Process

    July 14, 2026

  • Progress Software ShareFile Storage Zone Controller shut down over external threat CVE-2026-2699

    Vulnerability

    Progress Software Shuts Down ShareFile Over External Threat

    July 14, 2026

  • Diagram illustrating the jscrambler supply chain attack and IronWorm malware infection process

    Malware

    Jscrambler Supply Chain Attack Analysis

    July 14, 2026

  • GhostCommit AI vulnerability diagram illustrating prompt injection against AI coding assistants

    Vulnerability

    The GhostCommit Vulnerability: AI Assistants Weaponized via Images

    July 14, 2026

  • Apache Camel vulnerabilities enabling server-side request forgery and authentication bypass in JMS and WebSocket connectors

    Vulnerability

    Apache Camel Patches Five High-Severity Vulnerabilities

    July 9, 2026

  • OpenSUSE Leap 15.4 Beta releases, Linux distributions

    Linux

    OpenSUSE Leap 15.4 Beta releases, Linux distributions

    May 30, 2020

  • Ubuntu 16.04.6 LTS released: fix security vulnerabilities

    Linux

    Ubuntu 16.04.6 LTS released: fix security vulnerabilities

    March 1, 2019

  • GhostBSD 23.10.1 released, FreeBSD distribution

    Linux

    GhostBSD 23.10.1 released, FreeBSD distribution

    May 1, 2020

  • Solus 4.4 Fortitude releases, Linux distribution

    Linux

    Solus 4.4 Fortitude releases, Linux distribution

    January 26, 2020

  • AI AI security Android Apple APT BOTNET China CISA cloud security cryptocurrency cyberattack cybercrime Cyber Espionage cybersecurity Cybersecurity 2026 data breach Github google hacking Infosec InfoSec 2026 Infostealer Linux Linux Kernel malware Microsoft network security open source Penetration Testing phishing privacy privilege escalation Prompt Injection ransomware RCE remote code execution security Social Engineering supply chain attack Tech News 2026 threat intelligence vulnerability windows Windows 11 zero-day
  • Home
  • About Us
  • Contact Us
  • DMCA NOTICE
  • Privacy Policy

Information Security News © 2026. All Rights Reserved.

Powered by  - Designed with Hueman Pro