Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

StylemixThemes security patch release for CVE-2025-64374

Security Patch Release
First reported
Last updated
Happening score
H score 19
1 unique sources, 1 articles

Summary

Hide ▲

StylemixThemes released Motors 5.6.82 on 3 November to fix CVE-2025-64374, closing an arbitrary file upload path that could let low-privilege logged-in users take over affected WordPress sites. The patch matters because the flaw allowed plugin installation and activation without proper authorization. Sites running versions 5.6.81 and below should update immediately to reduce takeover risk.

Related Happenings

LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)

Security Patch Release
First: 27.05.2026 13:06 Last: 27.05.2026 13:06 Sources 1

About this happening: LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...

Open Happening

Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)

Security Patch Release
First: 15.05.2026 18:56 Last: 15.05.2026 18:56 Sources 1

About this happening: **Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...

Open Happening

CPanel security patch release for CVE-2026-29201

Security Patch Release
First: 09.05.2026 10:16 Last: 09.05.2026 10:16 Sources 1

About this happening: **cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...

Open Happening

Linux kernel security update for Copy Fail (CVE-2026-31431)

Security Patch Release
First: 30.04.2026 16:54 Last: 30.04.2026 16:54 Sources 1

About this happening: **Linux kernel** maintainers have fixed **CVE-2026-31431** and are rolling out updates to close a **local privilege escalation** flaw that lets an unprivileged attacker gain **roo...

Open Happening

CPanel security patch release for CVE-2026-41940

Security Patch Release
First: 29.04.2026 12:37 Last: 29.04.2026 12:37 Sources 1

About this happening: **cPanel** released **security updates** for **cPanel and WHM** after an **authentication bypass** flaw could let remote attackers reach control-panel access, with fixes now cover...

Latest development: 04.05.2026 22:14

CVE-2026-41940 in cPanel, WebHost Manager (WHM), and WP Squared was rapidly exploited after public disclosure, with Censys reporting attacks from multiple threat actors within 24 hours and about 15,000 potentially compromised instances in the first day. KnownHost said about 30 managed cPanel servers showed attempted exploitation, WatchTowr Labs published a PoC exploit and technical analysis, and Defused said much of the observed activity copied WatchTowr's PoC exactly.

Open Happening

Timeline

  1. 17.12.2025 18:45 2 articles · 5mo ago

    Motors 5.6.82 patch closes unauthorized plugin installation

    Mitigation Patch Update

    StylemixThemes released Motors version 5.6.82 with a current_user_can permission check to stop logged-in users from abusing the AJAX handler to install and activate plugins through the arbitrary file upload path in CVE-2025-64374.

    Show sources
    Open in new tab
  2. 17.12.2025 18:45 1 articles · 5mo ago

    Patchstack discloses CVE-2025-64374 in Motors theme

    Initial Disclosure

    Patchstack disclosed CVE-2025-64374 in the Motors WordPress theme from StylemixThemes, warning that logged-in Subscriber-level users on versions 5.6.81 and below could use an arbitrary file upload flaw in an AJAX handler to install and activate plugins and reach full site takeover.

    Show sources
    Open in new tab