
Motors WordPress theme has been hijacked by malware – here’s what to do


The Motors WordPress theme, a popular premium WordPress theme, has been exploited by hackers thanks to a critical privilege escalation flaw tracked as CVE-2025-4322. Here’s what you should know and do.

Attackers are able to exploit the vulnerability in the ‘Motors’ theme to hijack administrator accounts, taking full control of sites to change details, inject false details and spread malicious payloads.

Who developed the Motors WordPress theme?

The theme is developed by StylemixThemes and is a popular pick among automotive websites. Nearly 22,500 sales of the theme have been logged on EnvatoMarket.

The vulnerability was first discovered on May 2, 2025, and a patch was later released with version 5.6.68 on May 14, meaning that up-to-date sites should be protected from potential account takeovers. Versions up to 5.6.67 are affected by the CVE, and Wordfence reported the details on May 19.

“This is due to the theme not properly validating a user’s identity prior to updating their password,” Wordfence explained.

“This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.”

Although the patch has already been released, sites that are still running older versions are at risk of takeover, with attacks seen to have started on May 20. By June 7, researchers were observing wide-scale attacks, and Wordfence has now blocked more than 23,000 attack attempts.

Wordfence also disclosed a number of key IP addresses seen to be attacking sites – many making thousands of attempts each.

“One obvious sign of infection is if a site’s administrator is unable to log in with the correct password as it may have been changed as a result of this vulnerability,” the researchers explained.

The most important step users of the ‘Motors’ theme can take is to update to version 5.6.68, which closes the vulnerability to attackers and secures their accounts from takeovers.
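To check which installed copy a site is actually running, the version can be read from the theme's `style.css` header and compared against 5.6.68. The script below is an added example, not code from Wordfence or StylemixThemes; it assumes the theme's header reads `Theme Name: Motors` and that themes live in a standard `wp-content/themes` directory, and the sample header in it is constructed.

```python
import re
import sys
from pathlib import Path

FIXED = (5, 6, 68)  # first patched release named in the article

# Constructed sample header for illustration, not copied from the real theme.
SAMPLE = """/*
Theme Name: Motors
Author: StylemixThemes
Version: 5.6.67
*/
"""

def header_field(css_text, field):
    """Read one 'Field: value' header line from a theme's style.css.
    WordPress only looks at the first 8 KB of the file for these headers."""
    pattern = r"^[ \t/*#@]*" + re.escape(field) + r":(.*)$"
    m = re.search(pattern, css_text[:8192], re.IGNORECASE | re.MULTILINE)
    return m.group(1).strip() if m else None

def parse_version(text):
    """Turn '5.6.67' into (5, 6, 67); return None for anything else."""
    if not text or not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(css_text):
    """Classify one style.css as not-motors, vulnerable, patched or unknown-version."""
    name = header_field(css_text, "Theme Name") or ""
    if name.lower() != "motors":  # assumed header name, see lead-in
        return "not-motors"
    version = parse_version(header_field(css_text, "Version"))
    if version is None:
        return "unknown-version"  # edited or damaged header: inspect by hand
    return "patched" if version >= FIXED else "vulnerable"

def scan(themes_dir):
    """Map theme directory name -> status for every Motors copy found."""
    results = {}
    for css in sorted(Path(themes_dir).glob("*/style.css")):
        status = classify(css.read_text(encoding="utf-8", errors="replace"))
        if status != "not-motors":
            results[css.parent.name] = status
    return results

if __name__ == "__main__":
    # Usage: python check_motors.py /var/www/html/wp-content/themes
    for folder, status in scan(sys.argv[1]).items():
        print(f"{folder}: {status}")
```

An inactive copy of the theme left in the themes directory is reported too, so old folders should be updated or deleted rather than ignored.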

Via BleepingComputer

What should you do to keep your WordPress site safe?

  1. Ensure you always back up your site
  2. Don’t use a nulled theme. Buy from the source
  3. Always update your theme and plugins when you see the update notification, or turn on auto-update
  4. Change your admin credentials once in a while

Dapo Obembe
