CVE-2025-64374

StylemixThemes · Motors

An unrestricted file upload vulnerability in the StylemixThemes Motors plugin allows attackers to upload malicious files to the server.

Executive summary

The StylemixThemes Motors plugin is vulnerable to unrestricted file uploads, which could allow a remote attacker to execute arbitrary code on the affected server.

Vulnerability

This vulnerability is an unrestricted file upload flaw, which enables an attacker to bypass security filters and upload malicious files to the web server. The lack of validation on file types significantly increases the risk of remote code execution.

Business impact

An attacker successfully exploiting this vulnerability could gain full control over the affected WordPress installation, leading to complete data exfiltration, site defacement, or the distribution of malware. With a CVSS score of 9.9, this represents a critical threat to the availability and security of the hosting environment.

Remediation

Immediate Action: Update the Motors plugin to the latest available version provided by StylemixThemes to resolve the file upload validation flaw.

Proactive Monitoring: Monitor server upload directories for suspicious file types (e.g., .php, .phtml, .exe) and review web server access logs for unusual request patterns.

Compensating Controls: Implement a Web Application Firewall (WAF) rule to block unauthorized file uploads and restrict directory execution permissions for user-writable folders.
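
One way to run the upload-directory check described under Proactive Monitoring, added here as an example and not taken from the vendor or the plugin. The extensions beyond .php, .phtml and .exe, the default path wp-content/uploads, and the function names are assumptions; adjust them to the handlers your web server actually maps.

```python
import os
import sys

# .php, .phtml and .exe come from the advisory text; the rest are assumed
# aliases that many PHP handler configurations also execute.
SUSPICIOUS_EXTS = {".php", ".phtml", ".exe", ".phar", ".pht", ".php5", ".php7"}
PHP_MARKER = b"<?php"


def classify(path, sniff_bytes=4096):
    """Return a reason string if the file warrants review, else None."""
    parts = os.path.basename(path).lower().split(".")
    exts = ["." + p for p in parts[1:]]
    if exts and exts[-1] in SUSPICIOUS_EXTS:
        return "executable extension"
    # e.g. avatar.php.jpg: runs as PHP on servers that match any extension
    if any(e in SUSPICIOUS_EXTS for e in exts[:-1]):
        return "double extension"
    try:
        with open(path, "rb") as fh:
            head = fh.read(sniff_bytes).lower()
    except OSError:
        return "unreadable"
    # PHP opening tag inside a file that claims to be media or a document
    if PHP_MARKER in head:
        return "embedded PHP"
    return None


def scan_uploads(root):
    """Walk root and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)


if __name__ == "__main__":
    # Default path is an assumption: the standard WordPress uploads folder.
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content/uploads"
    for rel, reason in scan_uploads(target):
        print(f"{reason}\t{rel}")
```

Run it from cron against the uploads folder and alert on any output; a clean media library should produce none.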

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Administrators must prioritize updating the Motors plugin immediately. Failure to remediate this vulnerability leaves the application exposed to trivial remote code execution attacks that can compromise the entire underlying web server.