CVE-2025-4322

CRITICAL EXPLOITED NUCLEI

Motors WordPress <= 5.6.67 - Privilege Escalation via Unauthenticated Password Change / Account Takeover


Exploitation Summary

CVE-2025-4322 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public GitHub repositories for this CVE from researchers including IndominusRexes, Yucaerin, zedeq and gmh5225; per the analyses below, none of them contains working exploit code (three are scanners and one is flagged as suspicious). A Nuclei detection template is also available.

AI-analyzed exploit summary: the only repository presented as an exploit (IndominusRexes) lacks actual exploit code and instead directs users to an external download link (tinyurl.com), a common tactic for distributing malware or fake exploits; its README provides minimal technical detail about the vulnerability. The remaining three repositories are scanners that fingerprint candidate targets and do not exploit the flaw.

Description

The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. The theme does not properly validate a user's identity before updating that user's password (CWE-620, Unverified Password Change). An unauthenticated attacker can therefore change arbitrary users' passwords, including administrators', and log in as them, which is why the flaw carries a 9.8 CVSS score despite being "only" a password-update bug.
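The weakness class is easiest to see in code. The following is an added model of CWE-620 written for this page; it is not the Motors theme's code, and every name in it (the user store, the handler functions, the 15-minute key lifetime) is an assumption chosen for illustration. The vulnerable handler trusts whatever login the request names; the hardened one requires proof of possession of an unexpired, single-use reset key before touching the password.

```python
"""Model of CWE-620 (Unverified Password Change), the weakness class behind
CVE-2025-4322, next to a hardened counterpart.

Illustrative code written for this page: NOT the Motors theme's code. The
store layout, function names and key lifetime are assumptions of the model.
"""
import hashlib
import hmac
import secrets
import time
from typing import Optional

RESET_KEY_TTL = 15 * 60  # seconds a reset key stays valid (model assumption)


def new_user_store() -> dict:
    """Constructed sample accounts: login -> record. No passwords set yet."""
    return {
        "admin": {"pw_hash": None, "reset_hash": None, "reset_expires": 0.0},
        "editor": {"pw_hash": None, "reset_hash": None, "reset_expires": 0.0},
    }


def _hash(value: str) -> str:
    # Toy hash so the model stays dependency-free; real code uses bcrypt/argon2 for passwords.
    return hashlib.sha256(value.encode()).hexdigest()


def vulnerable_update_password(users: dict, login: str, new_password: str) -> bool:
    """CWE-620 pattern: the only 'identity check' is that the request names an
    existing login. Anyone who can reach this handler sets any user's password."""
    account = users.get(login)
    if account is None:
        return False
    account["pw_hash"] = _hash(new_password)
    return True


def request_reset(users: dict, login: str, now: Optional[float] = None) -> Optional[str]:
    """Issue a single-use reset key. Only its hash is stored; the plaintext key
    would be delivered out of band (e-mail) to the legitimate account owner."""
    account = users.get(login)
    if account is None:
        return None
    now = time.time() if now is None else now
    key = secrets.token_urlsafe(32)
    account["reset_hash"] = _hash(key)
    account["reset_expires"] = now + RESET_KEY_TTL
    return key


def hardened_update_password(users: dict, login: str, key: str, new_password: str,
                             now: Optional[float] = None) -> bool:
    """Change the password only after the caller proves possession of an
    unexpired reset key. Constant-time compare; key invalidated after use."""
    account = users.get(login)
    if account is None or account["reset_hash"] is None:
        return False
    now = time.time() if now is None else now
    if now > account["reset_expires"]:
        account["reset_hash"] = None  # expired keys are discarded, not retried
        account["reset_expires"] = 0.0
        return False
    if not hmac.compare_digest(account["reset_hash"], _hash(key)):
        return False
    account["pw_hash"] = _hash(new_password)
    account["reset_hash"] = None  # single use
    account["reset_expires"] = 0.0
    return True


def password_matches(users: dict, login: str, password: str) -> bool:
    account = users.get(login)
    return account is not None and account["pw_hash"] == _hash(password)


if __name__ == "__main__":
    users = new_user_store()
    # Attacker needs nothing but the target login name against the vulnerable handler.
    print("vulnerable handler, no proof of identity:",
          vulnerable_update_password(users, "admin", "pwned"))
    # The same request against the hardened handler fails without a valid key.
    print("hardened handler, no key:",
          hardened_update_password(users, "admin", "", "pwned"))
```

The point of the model is the shape of the check, not the storage details: the hardened path fails closed on a missing key, a wrong key, an expired key and a reused key, and each failure leaves the account untouched.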

Exploits (4)

nomisec SUSPICIOUS 2 stars
by IndominusRexes · poc
https://github.com/IndominusRexes/CVE-2025-4322-Exploit

The repository lacks actual exploit code and instead directs users to an external download link (tinyurl.com), which is a common tactic for distributing malware or fake exploits. The README provides minimal technical details about the vulnerability.

Classification
Suspicious 95%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: listed by the analyzer as "Firefox on Windows", which does not match this CVE (a server-side flaw in a WordPress theme); the repository gives no usable target information
No auth needed
Prerequisites: None specified
devstral-2 · analyzed Feb 16, 2026
nomisec SCANNER 1 star
by Yucaerin · remote
https://github.com/Yucaerin/CVE-2025-4322

The repository contains a scanner for identifying vulnerable instances of the Motors WordPress theme (CVE-2025-4322) by checking for the presence of a specific login form. It does not include an exploit but aids in discovering potential targets.

Classification
Scanner 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Motors WordPress theme <= 5.6.67
No auth needed
Prerequisites: List of target domains in 'list.txt'
devstral-2 · analyzed Feb 16, 2026
nomisec SCANNER
by zedeq · poc
https://github.com/zedeq/WP-CVE-2025-4322---Scan

This repository contains a Python-based scanner that, as described by the analyzer, checks for paths and plugins associated with a supply-chain backdoor in WordPress plugins and does not include exploit code. That description does not match CVE-2025-4322, which is an unauthenticated password-change flaw in the Motors theme, not a plugin backdoor, so the repository's relevance to this CVE is unconfirmed despite its name.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: WordPress plugins (multiple)
No auth needed
Prerequisites: Target URL · Internet access
devstral-2 · analyzed Apr 18, 2026
nomisec SCANNER
by gmh5225 · poc
https://github.com/gmh5225/Blackash-CVE-2025-4322

The repository contains a scanner script designed to identify WordPress sites using the Motors theme vulnerable to CVE-2025-4322, an unauthenticated privilege escalation flaw. It checks for the presence of specific login forms across multiple endpoints.

Classification
Scanner 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Motors WordPress theme <= 5.6.67
No auth needed
Prerequisites: List of target domains in 'list.txt'
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover
CRITICAL · by DhiyaneshDK
FOFA: body="/wp-content/themes/motors/style.css"
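The FOFA query above fingerprints the theme by its stylesheet path, and the description fixes the vulnerable range at versions up to and including 5.6.67. The following added example combines the two into an offline version check; it is written for this page and is not the Nuclei template or any of the listed scanners. The sample style.css bodies are constructed stand-ins for what a GET of that path would return, and the parsing rules (a WordPress theme header with `Theme Name:` and `Version:` fields) are the only thing assumed.

```python
"""Version check for the Motors theme from its style.css header.

Added example, not the Nuclei template or any listed scanner. The fingerprint
path comes from the FOFA query on this page and the vulnerable range from the
description ("all versions up to, and including, 5.6.67").
"""
import re
from typing import Dict, Optional, Tuple

MOTORS_STYLE_PATH = "/wp-content/themes/motors/style.css"  # path used by the FOFA query
LAST_VULNERABLE = (5, 6, 67)  # inclusive upper bound of the affected range

# Constructed sample bodies standing in for GET <site> + MOTORS_STYLE_PATH.
SAMPLE_VULNERABLE = """/*
Theme Name: Motors
Theme URI: https://stylemixthemes.com/
Author: StylemixThemes
Version: 5.6.67
*/
"""
SAMPLE_PATCHED = "/*\nTheme Name: Motors\nVersion: 5.6.68\n*/\n"
SAMPLE_OTHER_THEME = "/*\nTheme Name: Twenty Twenty-Four\nVersion: 1.0\n*/\n"

# WordPress theme headers are "Field: value" lines inside the leading comment block.
_HEADER = re.compile(r"^\s*(Theme Name|Version):\s*(.+?)\s*$",
                     re.MULTILINE | re.IGNORECASE)


def parse_theme_header(css: str) -> Dict[str, str]:
    """Return the 'theme name' / 'version' header fields found in a style.css body."""
    return {key.lower(): value for key, value in _HEADER.findall(css)}


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """'5.6.67' or '5.6.67-beta' -> (5, 6, 67); None when no numeric prefix exists."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def _pad(version: Tuple[int, ...], length: int) -> Tuple[int, ...]:
    return version + (0,) * (length - len(version))


def is_vulnerable_motors(css: str) -> Optional[bool]:
    """True  -> header names Motors at a version <= 5.6.67
    False -> header names Motors at a newer version
    None  -> not a Motors style.css, or no parsable version (undetermined, not safe)"""
    header = parse_theme_header(css)
    if header.get("theme name", "").strip().lower() != "motors":
        return None
    version = parse_version(header.get("version", ""))
    if version is None:
        return None
    width = max(len(version), len(LAST_VULNERABLE))
    return _pad(version, width) <= _pad(LAST_VULNERABLE, width)


if __name__ == "__main__":
    for label, body in (("vulnerable", SAMPLE_VULNERABLE),
                        ("patched", SAMPLE_PATCHED),
                        ("other theme", SAMPLE_OTHER_THEME)):
        print(f"{label:12s} -> {is_vulnerable_motors(body)}")
```

Treat a `None` result as "undetermined", not as "patched": sites can strip or cache the header, serve a child theme whose style.css names a different theme, or block the path entirely, so a missing fingerprint says nothing about whether the vulnerable code is installed.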

Scores

CVSS v3 9.8
EPSS 0.3013 (30.1% estimated probability of exploitation within the next 30 days)
EPSS Percentile 96.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none (CISA Vulnrichment SSVC value; note that VulnCheck KEV, above, records in-the-wild exploitation as of 2025-05-19)
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2025-05-19
CWE
CWE-620
Status published
Products (1)
StylemixThemes/Motors - Car Dealer, Rental & Listing WordPress theme <= 5.6.67
Published May 20, 2025
Tracked Since Feb 18, 2026