Red Hot Cyber, The cybersecurity news

Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
English Spanish Italian
Search

22,000 Sites At Risk: New Motors WordPress Vulnerability Allows Total Hacking

Redazione RHC : 25 June 2025 08:16

Attackers are actively exploiting a critical privilege escalation vulnerability in the WordPress Motors theme, allowing them to hijack administrator accounts and take complete control of the target site.

The malicious activity was discovered by Wordfence, which last month reported a critical vulnerability, the CVE-2025-4322, which affects all versions of the Motors theme up to 5.6.67. This theme, developed by StylemixThemes, has 22,460 sales on Envato Market and is very popular among owners of automotive-related websites.

The issue is related to the Login Register widget and the incorrect validation of the user’s identity when updating a password, which allows unauthenticated attackers to change administrator passwords. Therefore, to exploit the bug, an attacker must first find the URL where the widget is located by checking /login-register, /account, /reset-password, /signin, etc. using special POST requests. Such requests contain invalid UTF-8 characters in the hash_check value, which leads to incorrect hash comparisons when resetting a password.

The POST body contains the stm_new_password value, which resets the user’s password based on IDs that typically belong to site administrators.

In May, StylemixThemes developers released version 5.6.68, which fixed CVE-2025-4322, but many users had not yet installed the updates and may now be vulnerable to attacks.

Wordfence analysts reported that attacks on the new vulnerability began as early as May 20, just one day after the issue was disclosed. More extensive attacks began after June 7, 2025, and Wordfence says it has already blocked over 23,100 hacking attempts against its customers.

According to experts, the passwords used by attackers in the attacks include:

  • Try test123!@#;
  • rzkkd$SP3znjrn;
  • Kurd@Kurd12123;
  • owm9cpXHAZTk;

Once access is gained, attackers log into the WordPress dashboard as administrators and create additional administrative accounts to gain a foothold on the hacked resource. Experts write that the sudden appearance of such accounts, combined with the locking of existing administrator accounts (passwords no longer working), is a sure sign of CVE-2025-4322 exploitation. Motors users are advised to update their theme as soon as possible.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.

Lista degli articoli
Categories
Banner
Redhotcyber is an open-news project that was launched in 2019 and subsequently expanded into a network of individuals collaborating to disseminate information and topics focused on technology, Information Technology, and cybersecurity. Its goal is to increase risk awareness among an ever-growing number of people.

Editorial board : [email protected]

Facebook Linkedin Youtube Telegram Twitter Pinterest Tumblr