Privilege Escalation Vulnerability in Motors Theme for WordPress
CVE-2025-4322
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 20 May 2025
Badges
What is CVE-2025-4322?
The Motors theme for WordPress has a vulnerability that allows privilege escalation through an account takeover exploit. This issue arises from inadequate validation of user identity when updating passwords. As a result, unauthenticated attackers can reset passwords for any user, including administrators, thereby gaining unauthorized access to their accounts. Implementing proper authentication checks is critical to mitigating this risk and securing user data.
Affected Version(s)
Motors - Car Dealer, Rental & Listing WordPress theme * <= 5.6.67
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
WordPress Motors theme flaw mass-exploited to hijack admin accounts
Hackers are exploiting a critical privilege escalation vulnerability in the WordPress theme
1 week ago
Help Net SecurityCVE-2025-4322Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322) - Help Net Security
A vulnerability (CVE-2025-4322) in the Motors Wordpress theme can be easily exploited by unauthenticated attackers to take over accounts.
Premium WordPress 'Motors' theme vulnerable to admin takeover attacks
A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete control of websites.
References
EPSS Score
24% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 📰
First article discovered by BleepingComputer
Vulnerability published
Vulnerability Reserved