CVE-2025-64374
StylemixThemes · Motors
An unrestricted file upload vulnerability in the StylemixThemes Motors plugin allows attackers to upload malicious files to the server.
Executive summary
The StylemixThemes Motors plugin is vulnerable to unrestricted file uploads, which could allow a remote attacker to execute arbitrary code on the affected server.
Vulnerability
This vulnerability is an unrestricted file upload flaw, which enables an attacker to bypass security filters and upload malicious files to the web server. The lack of validation on file types significantly increases the risk of remote code execution.
Business impact
An attacker successfully exploiting this vulnerability could gain full control over the affected WordPress installation, leading to complete data exfiltration, site defacement, or the distribution of malware. With a CVSS score of 9.9, this represents a critical threat to the availability and security of the hosting environment.
Remediation
Immediate Action: Update the Motors plugin to the latest available version provided by StylemixThemes to resolve the file upload validation flaw.
Proactive Monitoring: Monitor server upload directories for suspicious file types (e.g., .php, .phtml, .exe) and review web server access logs for unusual request patterns.
Compensating Controls: Implement a Web Application Firewall (WAF) rule to block unauthorized file uploads and restrict directory execution permissions for user-writable folders.
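An added example for the Proactive Monitoring item above (not part of the original advisory or the vendor's code): a Python scan of an upload directory that flags the listed file types, including when they are hidden in a double extension, and PHP code inside media-named files. The extensions beyond .php, .phtml and .exe, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# .php, .phtml, .exe come from the advisory; the rest are assumed PHP handler variants.
SUSPICIOUS_EXTS = {".php", ".phtml", ".exe", ".phar", ".php5", ".php7"}


def scan_uploads(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            # Check every dot-separated part so "photo.phtml.png" is also caught.
            parts = {"." + p.lower() for p in name.split(".")[1:]}
            hit = parts & SUSPICIOUS_EXTS
            if hit:
                findings.append((rel, "extension " + sorted(hit)[0]))
                continue
            # A media-looking name can still carry PHP code; inspect the first bytes.
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096).lower()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if b"<?php" in head:
                findings.append((rel, "PHP open tag in content"))
    return sorted(findings)


def build_sample_tree(root):
    """Write a constructed sample upload tree (harmless contents) under root."""
    samples = {
        "2025/01/car.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
        "2025/01/listing.php": b"<?php /* constructed sample */ ?>",
        "2025/01/photo.phtml.png": b"\x89PNG\r\n\x1a\n",
        "2025/02/logo.gif": b"GIF89a<?php /* constructed sample */ ?>",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in scan_uploads(tmp):
            print(f"SUSPICIOUS {rel}: {reason}")
```

Point `scan_uploads` at the site's upload directory (for WordPress, typically `wp-content/uploads`) and run it on a schedule, alerting on any new finding.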
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Administrators must prioritize updating the Motors plugin immediately. Failure to remediate this vulnerability leaves the application exposed to trivial remote code execution attacks that can compromise the entire underlying web server.