Threat actors are actively exploiting a critical vulnerability in the “Alone – Charity Multipurpose Non-profit WordPress Theme” to compromise websites. The flaw, CVE-2025-5394, allows unauthenticated remote code execution and has been targeted by attackers since July 2025.
Key points
- The vulnerability CVE-2025-5394 affects all versions of the “Alone – Charity” WordPress theme prior to 7.8.5.
- It originates from a missing capability check in the theme’s plugin installation function, enabling arbitrary file uploads.
- Attackers are leveraging the flaw to upload ZIP archives containing PHP backdoors for remote code execution.
- Over 120,900 exploit attempts, originating from various IP addresses, have been blocked by WordPress security measures.
- Site owners are advised to update to the latest version, review admin users, and monitor logs for suspicious activity.
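The version and log checks from the last key point can be scripted for triage. The following is an added example, not code from the article or the theme vendor; it assumes a combined-format access log and the standard WordPress layout (a `Version:` header in the theme's `style.css`, plugins unpacked under `/wp-content/plugins/`), and all sample inputs are constructed.

```python
import re
from datetime import datetime, timedelta

FIXED = (7, 8, 5)  # first patched theme release, per the article
VERSION = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.M | re.I)
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# Assumption: plugin ZIPs are unpacked under these standard WordPress paths.
DROPPED_PHP = re.compile(r"^/wp-content/(?:plugins|upgrade)/[^?]+\.php(?:\?|$)", re.I)

def theme_is_vulnerable(style_css):
    """True if the style.css header declares a version prior to 7.8.5."""
    m = VERSION.search(style_css)
    if not m:
        return True  # no version header: treat as unpatched until verified
    parts = tuple(int(p) for p in re.findall(r"\d+", m.group(1)))
    return parts + (0,) * (3 - len(parts)) < FIXED

def suspicious_sequences(lines, window=timedelta(minutes=10)):
    """Hits on plugin-directory PHP files that follow a successful
    admin-ajax.php POST from the same client within `window`."""
    last_post, hits = {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not combined log format
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if method == "POST" and status == "200" and path.startswith("/wp-admin/admin-ajax.php"):
            last_post[ip] = when
        elif DROPPED_PHP.match(path) and ip in last_post and when - last_post[ip] <= window:
            hits.append((ip, path, status))
    return hits

# Constructed sample inputs (documentation IP ranges, made-up plugin slug).
SAMPLE_STYLE = "/*\nTheme Name: Alone\nVersion: 7.8.3\n*/"
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Jul/2025:10:15:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58',
    '203.0.113.7 - - [28/Jul/2025:10:15:09 +0000] "GET /wp-content/plugins/example-pack/x.php HTTP/1.1" 200 12',
    '198.51.100.4 - - [28/Jul/2025:10:16:00 +0000] "GET /wp-content/plugins/example-pack/x.css HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print("theme unpatched:", theme_is_vulnerable(SAMPLE_STYLE))
    for hit in suspicious_sequences(SAMPLE_LOG):
        print("review:", hit)
```

POSTs to `admin-ajax.php` are routine on their own; the signal worth reviewing is the pairing with a direct request to a PHP file in a plugin directory, especially one whose folder does not match a plugin the site owner installed.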
Read More: https://thehackernews.com/2025/07/hackers-exploit-critical-wordpress.html