PT-2025-22122 · WordPress · Motors

Friderika Baranyai · Published 2025-05-20 · Updated 2025-07-28 · CVE-2025-4322

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Motors theme for WordPress versions up to, and including, 5.6.67

Description

The Motors theme for WordPress is vulnerable to privilege escalation via account takeover. This is due to the theme not properly validating a user's identity prior to updating their password, making it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account. It is estimated that over 22,000 sites are at risk.

Recommendations

Update to version 5.6.68 to resolve the issue. As a temporary workaround, consider restricting access to password update functionality until a patch is available. Avoid using the password update feature in the affected theme until the issue is resolved.

Fix

LPE

Weakness Enumeration

Related Identifiers

CVE-2025-4322

Affected Products

Motors