Active Exploitation of CVE-2025-5394 in Alone WordPress Theme
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
A critical arbitrary file-upload vulnerability (CVE-2025-5394) in the Alone - Charity Multipurpose Non-profit WordPress theme versions 7.8.3 and earlier is being actively exploited. The flaw, with a CVSS score of 9.8, allows unauthenticated attackers to upload malicious ZIP archives containing PHP backdoors, resulting in remote code execution and full site takeover. The vulnerability stems from a missing authorization check in the alone_import_pack_install_plugin() AJAX handler. Attackers can exploit this to upload web shells, execute commands, deploy file managers, and create rogue admin accounts. Several IP addresses have been identified as sources of attacks. Website owners are urged to update to version 7.8.5 or later, verify site integrity, strengthen access controls, and enhance detection and monitoring measures.
OPENCTI LABELS :
remote code execution,vulnerability,wordpress,web shells,theme,alone theme,cve-2025-5394,arbitrary file upload
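One way to act on the detection advice in the summary, as an added example that is not part of the original report: a Python scan of web-server access logs for requests that name the vulnerable handler. It assumes combined log format and that the AJAX action name matches the handler name alone_import_pack_install_plugin; the log lines and IP addresses are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumption: the AJAX action name equals the handler name given in the summary.
SUSPECT_ACTION = "alone_import_pack_install_plugin"
AJAX_PATH = "/wp-admin/admin-ajax.php"

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_hits(lines):
    """Return (ip, method, status) for each request naming the suspect action."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        url = urlsplit(m["target"])
        # Collapse repeated slashes; endswith() also covers subdirectory installs.
        path = re.sub(r"/+", "/", url.path).lower()
        if not path.endswith(AJAX_PATH):
            continue
        # parse_qs percent-decodes values and keys, so encoded variants still match.
        if SUSPECT_ACTION in parse_qs(url.query).get("action", []):
            hits.append((m["ip"], m["method"], int(m["status"])))
    return hits

def hits_by_ip(lines):
    """Count matching requests per source address, for triage."""
    return Counter(ip for ip, _, _ in find_hits(lines))

# Constructed sample log lines (documentation IP ranges, not real indicators).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Aug/2025:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=alone_import_pack_install_plugin HTTP/1.1" 200 58 "-" "-"',
    '203.0.113.7 - - [01/Aug/2025:10:00:09 +0000] "POST /blog//wp-admin/admin-ajax.php?action=alone%5Fimport_pack_install_plugin HTTP/1.1" 200 58 "-" "-"',
    '198.51.100.20 - - [01/Aug/2025:10:01:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Aug/2025:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Aug/2025:10:03:00 +0000] "POST /wp-admin/admin-ajax.php?action=alone_import_pack_install_plugin HTTP/1.1" 403 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, count in hits_by_ip(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count} request(s) naming {SUSPECT_ACTION}")
```

Access logs record only the query string, so a request that carries the action in the POST body will not appear here; pair this check with WAF or request-body logging.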