> Back to All Posts

WordPress Theme Hijacked by Malware: What You Need to Know

WordPress Theme Hijacked

A popular WordPress themes got hijacked by malware. A critical security flaw in one of the most widely used premium WordPress themes has put thousands of websites at risk. The Motors theme, developed by StylemixThemes and commonly used for car dealership and classified sites, has been found vulnerable to a serious exploit. Cybercriminals now actively use this exploit to hijack websites.

What Happened?

Security researchers uncovered a privilege escalation vulnerability in the Motors theme, officially tracked as CVE‑2025‑4322. The flaw allows attackers to change passwords for any user, including administrators. With this, hackers can gain full control over WordPress sites running vulnerable versions of the theme.

Timeline of the Threat

  • May 2, 2025 – The vulnerability was first reported.

  • May 14, 2025 – The developer released a fix in version 5.6.68 of the Motors theme.

  • May 20+ – Threat actors began scanning for and exploiting unpatched sites.

  • June 7, 2025 – Wordfence recorded over 23,000 blocked attack attempts targeting the vulnerability in a single day.

How the Exploit Works

This is not a typical malware dropper or backdoor. Instead, the attackers exploit the flaw to reset administrator passwords, giving them full access without the need for phishing or brute-forcing credentials. Once in, they can plant malware, modify site content, or lock out legitimate users.

Does This Affect Your Site?

If you’re using the Motors theme and:

  • You’ve lost admin access, or

  • You’ve noticed unexpected new users, or

  • Your website is behaving abnormally,

…you may already be compromised.

What to Do Now

  1. Immediately update your Motors theme to v5.6.68 or higher.

  2. Reset all administrator passwords.

  3. Scan your site for unauthorized users and suspicious code.

  4. Use security plugins like Wordfence or Sucuri to scan for malware and block further attacks.

  5. Consider enabling 2FA (two-factor authentication) to strengthen your login process.

Lessons from the Incident

The hijacked WordPress theme is not a surprise. This attack underscores the critical importance of keeping WordPress themes and plugins up to date. Even premium themes sometimes contain zero-day vulnerabilities that hackers exploit later at scale.

Regular patching, monitoring login activity, and using layered security solutions can help reduce the impact of such threats in the future.

Janet Andersen

Janet is an experienced content creator with a strong focus on cybersecurity and online privacy. With extensive experience in the field, she’s passionate about crafting in-depth reviews and guides that help readers make informed decisions about digital security tools. When she’s not managing the site, she loves staying on top of the latest trends in the digital world.