Vulnerability Management, Identity
Admin account takeovers via widespread WordPress theme exploitation underway

BleepingComputer reports that ongoing intrusions exploiting CVE-2025-4322, a critical privilege escalation flaw in the WordPress "Motors" theme, to compromise admin accounts and take over sites began on May 20 and surged on June 7.
The flaw stems from inadequate user identity validation, according to an analysis from Wordfence, which has thwarted over 23,000 attempted attacks involving the security issue. Threat actors have been exploiting it by identifying the URL of the affected widget, resetting admin passwords, logging in to the WordPress dashboard, and creating new admin accounts for persistence. Admins of WordPress sites with the vulnerable theme have been urged to immediately apply the latest Motors version, 5.6.68, issued last month. Wordfence has also provided the IP addresses used in these attacks so that they can be placed on block lists.