CVE-2025-64374
📋 TL;DR
This vulnerability allows attackers to upload malicious files to WordPress sites using the Motors theme. It affects all Motors theme installations from any version up to and including 5.6.81. Attackers can exploit this to execute arbitrary code and take control of affected websites.
💻 Affected Systems
- StyleMixThemes Motors WordPress Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise leading to data theft, ransomware deployment, or website defacement through remote code execution.
Likely Case
Website takeover with backdoor installation, credential theft, and malware distribution to visitors.
If Mitigated
Limited impact if file uploads are restricted at web server level, but still poses significant risk.
🎯 Exploit Status
Public exploit details available on Patchstack; trivial to exploit with basic web knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.6.82 or later
Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/motors/vulnerability/wordpress-motors-theme-5-6-80-arbitrary-file-upload-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Appearance > Themes
3. Check Motors theme version
4. Update to version 5.6.82 or later via theme update or manual upload
🔧 Temporary Workarounds
Web Server File Upload Restrictions
allConfigure web server to block upload of executable file types
# For Apache: Add to .htaccess
<FilesMatch "\.(php|phtml|php3|php4|php5|phps|pl|py|jsp|asp|sh|cgi)$">
Order Allow,Deny
Deny from all
</FilesMatch>
# For Nginx: Add to server block
location ~* \.(php|phtml|php3|php4|php5|phps|pl|py|jsp|asp|sh|cgi)$ {
deny all;
}
🧯 If You Can't Patch
- Disable or remove the Motors theme immediately and switch to a secure alternative
- Implement web application firewall (WAF) rules to block file upload requests to vulnerable endpoints
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Appearance > Themes > Motors theme details for version numberCheck Version:
# WordPress CLI
wp theme list --name=motors --fields=name,version,status
# Or check /wp-content/themes/motors/style.css Version: headerVerify Fix Applied:
Confirm Motors theme version is 5.6.82 or higher in WordPress admin📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to /wp-content/uploads/ or theme directories
- POST requests to theme-specific upload endpoints with executable file extensions
- Sudden appearance of PHP/executable files in upload directories
Network Indicators:
- HTTP POST requests with file uploads to Motors theme endpoints
- Traffic patterns showing file uploads followed by immediate execution requests
SIEM Query:
source="web_server" AND (uri_path="/wp-content/themes/motors/*" OR uri_path="/wp-content/uploads/*") AND http_method="POST" AND (file_extension="php" OR file_extension="phtml" OR file_extension="jsp" OR file_extension="asp")