A critical privilege escalation flaw (CVE-2025-4322) in the 'Motors' WordPress theme has been exploited by hackers, allowing them to hijack administrator accounts.
Nearly 22,500 sales of the 'Motors' theme have been recorded on EnvatoMarket, making it a popular choice among automotive websites.
The vulnerability was discovered on May 2, 2025, and a patch was released with version 5.6.68 on May 14 to protect accounts from potential takeovers.
Sites running versions up to 5.6.67 are at risk, as the theme did not properly validate a user's identity before updating that user's password.
Attacks exploiting this vulnerability were observed starting on May 20, with over 23,000 blocked attempts reported by Wordfence.
Wordfence recommended updating to version 5.6.68 to secure accounts and prevent takeovers.
Multiple IP addresses engaging in attacks have been identified by Wordfence, with some making thousands of attempts.
Site owners who notice login failures or unauthorized password changes should treat their sites as possibly compromised.
Updating to version 5.6.68 is crucial for 'Motors' theme users to close the vulnerability and protect against attacks.
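As an added illustration (not code from the article, Wordfence or StylemixThemes), a small Python check that reads the `Version:` header WordPress themes declare in `style.css` and reports whether an installed copy of Motors is still in the vulnerable range (below 5.6.68); the theme directory path and the sample header below are assumptions.

```python
import re
from pathlib import Path

# First release that fixes CVE-2025-4322, as stated in the article above.
PATCHED_VERSION = "5.6.68"

# Constructed sample of a WordPress theme style.css header; not the real Motors file.
SAMPLE_STYLE_CSS = """/*
Theme Name: Motors
Theme URI: https://example.invalid/motors
Version: 5.6.67
*/
"""


def parse_version(text):
    """Turn a version string such as '5.6.67' into a tuple of ints (5, 6, 67)."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed, patched=PATCHED_VERSION):
    """True when the installed version is older than the patched one.
    Shorter tuples are padded with zeros so that '5.7' compares as 5.7.0."""
    a, b = parse_version(installed), parse_version(patched)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def theme_header(css_text, field):
    """Read one header field (e.g. 'Version' or 'Theme Name') from style.css."""
    m = re.search(rf"^\s*{field}:\s*(.+?)\s*$", css_text, re.MULTILINE | re.IGNORECASE)
    if not m:
        raise ValueError(f"no {field} header found in style.css")
    return m.group(1)


def check_theme_dir(theme_dir):
    """Inspect an installed theme; theme_dir is assumed to be wp-content/themes/motors."""
    css = Path(theme_dir, "style.css").read_text(encoding="utf-8", errors="replace")
    name, version = theme_header(css, "Theme Name"), theme_header(css, "Version")
    return {"name": name, "version": version, "vulnerable": is_vulnerable(version)}


if __name__ == "__main__":
    # Run against the constructed sample rather than a live install.
    v = theme_header(SAMPLE_STYLE_CSS, "Version")
    print(f"Motors {v}: {'UPDATE REQUIRED' if is_vulnerable(v) else 'patched'}")
```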
Wordfence has actively monitored and blocked attack attempts to safeguard affected WordPress sites.
Hacker attacks started on June 7 after the vulnerability was disclosed.
The key recommended action is to update to version 5.6.68, which contains the necessary security patch.
The 'Motors' WordPress theme vulnerability underscores the importance of timely updates and security measures for website protection.
The theme's developer, StylemixThemes, addressed the critical flaw with the release of version 5.6.68.
Wordfence's prompt response in reporting the vulnerability and providing guidance demonstrates the importance of security monitoring in the WordPress ecosystem.
Timely updates and vigilant monitoring are essential to mitigate the risks associated with WordPress vulnerabilities.