WordPress Motors Theme Vulnerability Allows Hackers to Seize Admin Accounts
A critical security flaw in the popular WordPress theme “Motors” is currently being exploited by hackers to escalate privileges and take over administrator accounts. This vulnerability enables attackers to gain full control of compromised websites running this theme, posing serious risks to site owners and users alike.
The “Motors” theme, widely used by automotive dealerships and related businesses for its specialised features and sleek design, has become a target due to a weakness in its user permission handling. Cybercriminals exploit this loophole to elevate their access rights beyond what is intended, granting them the highest-level permissions typically reserved for administrators.
Once an attacker secures administrator access, they can manipulate site settings, inject malicious code, steal sensitive data, or even lock out legitimate users entirely. This can lead to severe disruptions, including reputational damage and financial losses, especially for companies that depend on their online presence.
WordPress users whose sites employ the “Motors” theme should urgently check for updates or patches provided by the theme developers. Maintaining timely updates and using strong, unique passwords remain crucial steps in defending against such exploits. It is also advisable for site owners to monitor their system activity closely for unusual login attempts or unknown user accounts.
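The account check recommended above, as an added example (not from the original article or from the theme's developers): a shell function that compares the administrator list exported by WP-CLI's `wp user list` against an allowlist file you maintain. It reports administrators that are not on the list and allowlisted logins whose e-mail address no longer matches. The allowlist format, the finding labels and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare WordPress administrators with a known-good allowlist.
# stdin: CSV from
#   wp user list --role=administrator \
#     --fields=user_login,user_email,user_registered --format=csv
# $1:    allowlist file, one "login,email" per line (format is an assumption)
# Prints "<finding> <login> <email> <registered>" for each account to review.
audit_admins() {
    awk -F',' -v al="$1" '
        { gsub(/"/, ""); sub(/\r$/, "") }        # strip CSV quotes and any CR
        # Match on FILENAME, not NR == FNR: with an empty allowlist NR == FNR
        # would also be true for stdin and every admin would pass unreported.
        FILENAME == al { if ($1 != "") known[$1] = $2; next }
        FNR == 1 && $1 == "user_login" { next }  # WP-CLI header row
        $1 == "" { next }
        !($1 in known) { print "UNKNOWN_ADMIN", $1, $2, $3; next }
        tolower($2) != tolower(known[$1]) { print "EMAIL_CHANGED", $1, $2, $3 }
    ' "$1" -
}

# Constructed sample data, not taken from any real site.
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'alice,alice@example.com' 'bob,bob@example.com' > "$tmp"
    printf '%s\n' \
        'user_login,user_email,user_registered' \
        'alice,alice@example.com,"2021-03-02 09:15:00"' \
        'bob,bob@changed.example,"2022-07-19 14:40:11"' \
        'wpsupport,ops@example.net,"2025-06-01 03:12:45"' |
        audit_admins "$tmp"
    rm -f "$tmp"
}
demo
```

On a live site, pipe the `wp user list` command from the header comment into `audit_admins` with the path to your own allowlist file, and review every line it prints.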
This incident underlines the importance of ongoing vigilance in website security, particularly when using third-party themes and plugins. Prompt action can significantly reduce the likelihood of successful attacks and help protect the integrity of your online platform.
Source: WordPress Motors theme flaw mass-exploited to hijack admin accounts
Author: Bill Toulas