Privilege Escalation Vulnerability in Motors Theme for WordPress
CVE-2025-4322

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Motors - Car Dealer, Rental & Listing WordPress Theme
Vendor: CVE Published:; 20 May 2025

Badges

📰 News Worthy

What is CVE-2025-4322?

The Motors theme for WordPress has a vulnerability that allows privilege escalation through an account takeover exploit. This issue arises from inadequate validation of user identity when updating passwords. As a result, unauthenticated attackers can reset passwords for any user, including administrators, thereby gaining unauthorized access to their accounts. Implementing proper authentication checks is critical to mitigating this risk and securing user data.

Affected Version(s)

Motors - Car Dealer, Rental & Listing WordPress theme * <= 5.6.67

News Articles

BleepingComputer

CVE-2025-4322

Premium WordPress 'Motors' theme vulnerable to admin takeover attacks

A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete control of websites.

1 day ago

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

http://themeforest.net/item/motors-car-dealership-wordpre...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by BleepingComputer
May 20, 2025
Vulnerability published
May 20, 2025
Vulnerability Reserved
May 5, 2025

Credit

Friderika Baranyai