Hackers are exploiting a critical vulnerability in the WordPress Motors theme to hijack admin accounts and control affected websites. Immediate updates are crucial as widespread attacks have already occurred since the flaw was disclosed. #CVE-2025-4322 #MotorsTheme #WordPressSecurity
Keypoints
- The vulnerability affects all versions of the Motors theme up to 5.6.67.
- It exploits improper user identity validation during password updates, enabling unauthorized password changes.
- Attacks began immediately after the vulnerability was disclosed, with over 23,000 attempts blocked by Wordfence.
- Attackers target the "Login Register" widget through specially crafted POST requests.
- Site owners are advised to block malicious IPs and update to version 5.6.68 immediately.
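To act on the update advice, the following added example (not code from Wordfence or the theme vendor) audits a WordPress themes directory for Motors copies older than 5.6.68. It assumes the theme's `style.css` header reads `Theme Name: Motors` and that themes sit one level below the directory you pass in; the sample tree in `demo()` is constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (5, 6, 68)      # first patched release named in the key points above
THEME_NAME = "motors"   # assumption: value of the "Theme Name" header in style.css

# Same line shape WordPress accepts for header fields in a theme's style.css.
HEADER = re.compile(r"^[ \t/*#@]*(Theme Name|Version):(.*)$", re.I | re.M)

def parse_version(text):
    """Turn '5.6.67' into (5, 6, 67) so 5.6.9 sorts below 5.6.68; None if absent."""
    m = re.search(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in m.group().split(".")) if m else None

def read_theme_header(style_css):
    """Return (theme name, version tuple) from the top of a style.css file."""
    head = style_css.read_text(errors="replace")[:8192]
    fields = {}
    for key, value in HEADER.findall(head):
        fields.setdefault(key.lower(), value.strip())  # first occurrence wins
    return fields.get("theme name", ""), parse_version(fields.get("version", ""))

def audit(themes_dir):
    """Return [(directory, version, status)] for each Motors copy found."""
    results = []
    for css in sorted(Path(themes_dir).glob("*/style.css")):
        name, version = read_theme_header(css)
        if name.lower() != THEME_NAME:
            continue  # other themes and child themes carry their own versions
        if version is None:
            status = "UNKNOWN"  # header missing or edited: check by hand
        else:
            status = "VULNERABLE" if version < FIXED else "patched"
        results.append((css.parent.name, version, status))
    return results

def demo():
    """Audit a constructed themes tree (sample data, not taken from a real site)."""
    samples = {"motors": ("Motors", "5.6.67"), "motors-old": ("Motors", "5.6.9"),
               "motors-new": ("Motors", "5.6.68"), "other": ("Other", "1.0")}
    with tempfile.TemporaryDirectory() as tmp:
        for slug, (name, ver) in samples.items():
            Path(tmp, slug).mkdir()
            Path(tmp, slug, "style.css").write_text(
                f"/*\nTheme Name: {name}\nVersion: {ver}\n*/\n")
        return audit(tmp)

if __name__ == "__main__":
    for row in demo():
        print(*row)
```

On a real host, call `audit()` with the site's `wp-content/themes` path; an `UNKNOWN` result means the version header could not be read and the copy needs manual inspection.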