Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

Source: The Hacker News | Added:

Threat actors are exploiting a critical vulnerability in the 'Alone – Charity Multipurpose Non-profit WordPress Theme' that allows them to take over affected sites. This security flaw, tracked as CVE-2025-5394, has a high severity score of 9.8 and involves arbitrary file uploads.

Impact: Alone – Charity Multipurpose Non-profit WordPress Theme

In the Wild: Yes

Age: Newly disclosed

Remediation: Not specified

CVE Exploit Vulnerability

Read Full Original Article →