-/10CrowdSec Score

Motors Theme - Authentication Bypass (CVE-2025-4322)

Published on20-05-2025

First seen on01-01-1970

Public ExploitCVSS 9.8/10StylemixThemes - Motors - Car Dealer, Rental & Listing WordPress theme

0Exploiting IPs reported

The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.

Exploitation

Get real-time information about exploitation attempts and actors involved.

Detected IPs

Discover the IPs that targeted this vulnerability across the CrowdSec Network.

・

Common Weakness Enumeration (CWE)

Protection

Find out relevant information to protect your stack against this CVE.

Blocklist

With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.

To increase your protection against this CVE, block exploitation attempts with this list of identified actors.