Find notable cyber news and cases, enriched with sources, timelines, and signals.

StylemixThemes security patch release for CVE-2025-64374

Security Patch Release
First reported
Last updated
Happening score
H score 25
1 unique sources, 1 articles

Summary

Hide ▲

StylemixThemes released Motors 5.6.82 on 3 November to fix CVE-2025-64374, closing an arbitrary file upload path that could let low-privilege logged-in users take over affected WordPress sites. The patch matters because the flaw allowed plugin installation and activation without proper authorization. Sites running versions 5.6.81 and below should update immediately to reduce takeover risk.

Related Happenings

Gitea Docker images security update (CVE-2026-20896)

Security Patch Release
H score51 First: 06.07.2026 19:28 Last: 06.07.2026 19:28 Sources 1

About this happening: Gitea released **version 1.26.3** to fix **CVE-2026-20896**, closing a critical authentication-bypass risk in **Gitea Docker images**. The update removed the default **"*"** wildc...

Gravity SMTP security patch release for CVE-2026-4020

Security Patch Release
H score16 First: 20.06.2026 12:56 Last: 20.06.2026 12:56 Sources 1

About this happening: **Gravity SMTP** released **version 2.1.5** to fix **CVE-2026-4020**, closing a **medium-severity information disclosure** flaw in the WordPress plugin. The patch addresses a bug...

JCE Pro 2.9.99.6 patch for CVE-2026-48907

Security Patch Release
H score46 First: 17.06.2026 13:09 Last: 17.06.2026 13:09 Sources 1

About this happening: **JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...

Everest Forms Pro plugin patch for CVE-2026-3300

Security Patch Release
H score43 First: 06.06.2026 17:09 Last: 06.06.2026 17:09 Sources 1

About this happening: The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...

The vendor security patch release for CVE-2026-8206

Security Patch Release
H score89 First: 03.06.2026 01:12 Last: 03.06.2026 01:12 Sources 1

About this happening: **Kirki - Freeform Page Builder, Website Builder & Customizer** shipped **version 6.0.7** to fix **CVE-2026-8206**, a privilege-escalation flaw that could let attackers take over...

Timeline

  1. 17.12.2025 18:45 2 articles · 6mo ago

    Motors 5.6.82 patch closes unauthorized plugin installation

    Mitigation Patch Update

    StylemixThemes released Motors version 5.6.82 with a current_user_can permission check to stop logged-in users from abusing the AJAX handler to install and activate plugins through the arbitrary file upload path in CVE-2025-64374.

    Show sources
  2. 17.12.2025 18:45 1 articles · 6mo ago

    Patchstack discloses CVE-2025-64374 in Motors theme

    Initial Disclosure

    Patchstack disclosed CVE-2025-64374 in the Motors WordPress theme from StylemixThemes, warning that logged-in Subscriber-level users on versions 5.6.81 and below could use an arbitrary file upload flaw in an AJAX handler to install and activate plugins and reach full site takeover.

    Show sources