StylemixThemes security patch release for CVE-2025-64374
Security Patch Release
Summary
Hide ▲
Show ▼
StylemixThemes released Motors 5.6.82 on 3 November to fix CVE-2025-64374, closing an arbitrary file upload path that could let low-privilege logged-in users take over affected WordPress sites. The patch matters because the flaw allowed plugin installation and activation without proper authorization. Sites running versions 5.6.81 and below should update immediately to reduce takeover risk.
Related Happenings
Gitea Docker images security update (CVE-2026-20896)
Security Patch Release
H score51
First: 06.07.2026 19:28
Last: 06.07.2026 19:28
Sources 1
About this happening:
Gitea released **version 1.26.3** to fix **CVE-2026-20896**, closing a critical authentication-bypass risk in **Gitea Docker images**. The update removed the default **"*"** wildc...
Gitea Docker images security update (CVE-2026-20896)
Security Patch ReleaseAbout this happening: Gitea released **version 1.26.3** to fix **CVE-2026-20896**, closing a critical authentication-bypass risk in **Gitea Docker images**. The update removed the default **"*"** wildc...
Gravity SMTP security patch release for CVE-2026-4020
Security Patch Release
H score16
First: 20.06.2026 12:56
Last: 20.06.2026 12:56
Sources 1
About this happening:
**Gravity SMTP** released **version 2.1.5** to fix **CVE-2026-4020**, closing a **medium-severity information disclosure** flaw in the WordPress plugin. The patch addresses a bug...
Gravity SMTP security patch release for CVE-2026-4020
Security Patch ReleaseAbout this happening: **Gravity SMTP** released **version 2.1.5** to fix **CVE-2026-4020**, closing a **medium-severity information disclosure** flaw in the WordPress plugin. The patch addresses a bug...
JCE Pro 2.9.99.6 patch for CVE-2026-48907
Security Patch Release
H score46
First: 17.06.2026 13:09
Last: 17.06.2026 13:09
Sources 1
About this happening:
**JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...
JCE Pro 2.9.99.6 patch for CVE-2026-48907
Security Patch ReleaseAbout this happening: **JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...
Everest Forms Pro plugin patch for CVE-2026-3300
Security Patch Release
H score43
First: 06.06.2026 17:09
Last: 06.06.2026 17:09
Sources 1
About this happening:
The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...
Everest Forms Pro plugin patch for CVE-2026-3300
Security Patch ReleaseAbout this happening: The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...
The vendor security patch release for CVE-2026-8206
Security Patch Release
H score89
First: 03.06.2026 01:12
Last: 03.06.2026 01:12
Sources 1
About this happening:
**Kirki - Freeform Page Builder, Website Builder & Customizer** shipped **version 6.0.7** to fix **CVE-2026-8206**, a privilege-escalation flaw that could let attackers take over...
The vendor security patch release for CVE-2026-8206
Security Patch ReleaseAbout this happening: **Kirki - Freeform Page Builder, Website Builder & Customizer** shipped **version 6.0.7** to fix **CVE-2026-8206**, a privilege-escalation flaw that could let attackers take over...
Timeline
-
17.12.2025 18:45 2 articles · 6mo ago
Motors 5.6.82 patch closes unauthorized plugin installation
Mitigation Patch UpdateStylemixThemes released Motors version 5.6.82 with a current_user_can permission check to stop logged-in users from abusing the AJAX handler to install and activate plugins through the arbitrary file upload path in CVE-2025-64374.
Show sources
- Motors WordPress Vulnerability Exposes Sites to Takeover — www.infosecurity-magazine.com — 17.12.2025 18:45
- Motors WordPress Vulnerability Exposes Sites to Takeover — www.infosecurity-magazine.com — 17.12.2025 18:45
-
17.12.2025 18:45 1 articles · 6mo ago
Patchstack discloses CVE-2025-64374 in Motors theme
Initial DisclosurePatchstack disclosed CVE-2025-64374 in the Motors WordPress theme from StylemixThemes, warning that logged-in Subscriber-level users on versions 5.6.81 and below could use an arbitrary file upload flaw in an AJAX handler to install and activate plugins and reach full site takeover.
Show sources
- Motors WordPress Vulnerability Exposes Sites to Takeover — www.infosecurity-magazine.com — 17.12.2025 18:45