CVE-2025-4322

Published May 20, 2025

Last updated a month ago

Overview

Description
The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.
Source: security@wordfence.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

CWE-620 (source: security@wordfence.com)

Social media

Hype score: Not currently trending

  1. A critical flaw (CVE-2025-4322, CVSS 9.8) in WordPress's Motors theme allows unauthenticated password resets for full site takeover. Active exploitation has begun; update to 5.6.68 immediately! https://t.co/AU0CWy0vi5

    @the_yellow_fall

    24 Jun 2025

    246 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  2. #threatreport #LowCompleteness Attackers Actively Exploiting Critical Vulnerability in Motors Theme | 22-06-2025 Source: https://t.co/V7Ux4EQCYu Key details below ↓ 🎯Victims: Motors wordpress theme users 🔓CVEs: CVE-2025-4322 [[Vulners](https://t.co/gifCgu4SJU)] - CVS

    @rst_cloud

    23 Jun 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Hackers are exploiting a serious flaw in all WordPress Motors themes up to 5.6.67 to hijack admin accounts via password update errors. Over 23,000 attempts blocked since disclosure. Immediate updates needed! 🚨 #CVE-2025-4322 #UK #WordPressSecurity https://t.co/lePlWXOmMn

    @TweetThreatNews

    22 Jun 2025

    145 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Urgent: A critical privilege escalation flaw (CVE-2025-4322) in WordPress Motors theme is being actively exploited, allowing attackers to hijack admin accounts. Update to v5.6.68+ immediately. Over 23K attacks blocked already. Details: https://t.co/3Frz4tnVEu

    @RedTeamNewsBlog

    22 Jun 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-4322 - WordPress Theme Vulnerability: unauthenticated privilege escalation, client-side attack technique: parameter injection. Why the attack works: - theme provides a publicly accessible user registration form

    @ghostbugste

    22 Jun 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    2 Replies

    0 Quotes

  6. 🚨 BREAKING: Hackers are mass-exploiting a critical flaw (CVE-2025-4322) in the WordPress Motors theme to hijack admin accounts! Over 22,000 sites at risk—patch NOW with 5.6.68. 🔒 #CyberSec #WordPress #Security https://t.co/WceJjnErUG

    @xcybersecnews

    21 Jun 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. A critical vulnerability in the Motors theme (CVE-2025-4322) allows privilege escalation through account takeover via password recovery. Over 22,000 sites targeted, with 23,000+ attempts blocked. Update to version 5.6.68 now! 🚨 #WebSecurity #UK https://t.co/bjIMbx0uKb

    @TweetThreatNews

    20 Jun 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Critical vulnerability in the WordPress Motors theme. CVE-2025-4322 has a CVSS score of 9.8. An unauthenticated attacker can take over accounts by changing the password of arbitrary users. Fixed in version 5.6.68. https://t.co/vL80o89vKv

    @__kokumoto

    20 Jun 2025

    1027 Impressions

    2 Retweets

    8 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2025-4322 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and inc..https://t.co/W3BC1kpa2v #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    25 May 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 Critical vulnerability in the WordPress Motors theme (CVE-2025-4322) exposes 22,000+ sites. 🔓 Attackers can take admin control without authentication. 🛠️ Update to version 5.6.68 now. 🔗 Source: https://t.co/b8OG7Lrhvi #Ciberseguridad #WordPress #CVE2025 #

    @ERCColombia

    24 May 2025

    18 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

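  11. ⚠️ A dangerous vulnerability (CVE-2025-4322) has been discovered in the "Motors" theme, putting more than 22,000 WordPress sites at risk! Urgent action is needed. Check the security of your CMS once more. #WordPress #CVE20254322 #情報セキュリティ https://t.co/YbvxfTuBK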

    @tksfukuyama

    22 May 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨 Critical WordPress 'Motors' Theme Bug Enables Admin Takeover CVE-2025-4322 lets attackers reset admin passwords on sites using Motors <5.6.68. 22K+ sites at risk—update now! https://t.co/X6gSdG9iJp #WordPress #Vulnerability #CVE20254322 #Infosec https://t.co/pRreLeB1

    @dCypherIO

    21 May 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Flawed WordPress Theme May Allow Admin Account Takeover on 22,000+ Sites The Exploration of CVE-2025-4322: A WordPress Vulnerability With Large-Scale https://t.co/FVcK1X5D65

    @AegisLens

    21 May 2025

    66 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Flawed #WordPress #theme may allow #admin account takeover on 22,000+ sites (CVE-2025-4322) https://t.co/86H0ZXsmle

    @ScyScan

    21 May 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. A critical vulnerability in the Motors WordPress theme (CVE-2025-4322) allows attackers to hijack admin accounts without authentication. All versions up to 5.6.67 are affected. Update to 5.6.68 and back up now! 🚨 #WP #WebSecurity #UK https://t.co/BeU9EqqyRB

    @TweetThreatNews

    20 May 2025

    85 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Critical alert: A privilege escalation flaw (CVE-2025-4322) in WordPress Motors theme lets attackers hijack admin accounts. Over 22,000 sites at risk—update to v5.6.68 immediately. Details: https://t.co/bG2pRcGkUG

    @RedTeamNewsBlog

    20 May 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Critical vulnerability CVE-2025-4322 found in Motors WordPress theme, affecting 22,000 sites. Immediate update to version 5.6.68 recommended. #WordPress #CyberSecurity #WebsiteSecurity https://t.co/6qwjo7IhdA

    @dailytechonx

    20 May 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

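  18. A critical vulnerability (CVE-2025-4322) that allows administrator privileges to be seized without authentication has been discovered in the popular WordPress theme "Motors". Versions 5.6.67 and earlier are affected, and attackers can, without identity verification, reset users' passwords…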

    @yousukezan

    20 May 2025

    846 Impressions

    1 Retweet

    5 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2025-4322 The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not pro… https://t.co/6Jnsqwn664

    @CVEnew

    20 May 2025

    482 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes