
Motors WordPress theme arbitrary file upload flaw (CVE-2025-64374)

Vulnerability
1 unique source, 1 article

Summary


Motors WordPress theme sites running versions 5.6.81 and below were exposed to CVE-2025-64374, an arbitrary file upload flaw that could let low-privilege logged-in users install and activate plugins and ultimately reach full site takeover. The issue was fixed in version 5.6.82 with a proper permission check.


Timeline

  1. 17.12.2025 18:45 · 1 article

    Motors version 5.6.82 patch release

    Mitigation Patch Update

    Motors version 5.6.82 added a current_user_can permission check to the Motors WordPress theme, closing the plugin-installation path that let logged-in users upload and activate plugins. The patch was released on 3 November, after disclosure to StylemixThemes in September.

  2. 17.12.2025 18:45 · 2 articles

    Patchstack discloses CVE-2025-64374 in Motors

    Initial Disclosure

    Patchstack disclosed CVE-2025-64374 in the Motors WordPress theme from StylemixThemes, saying an arbitrary file upload flaw in an AJAX handler let logged-in Subscriber-level users install and activate plugins and could lead to full site takeover on sites running version 5.6.81 and below.
