CVE-2025-5394
CVSS Score
V3.1 Attack Vector Metrics
Impact Metrics
Description
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin() function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers to upload zip files containing webshells disguised as plugins from remote locations to achieve remote code execution.
Available Exploits
Related News
Hackers exploit a critical vulnerability, tracked as CVE-2025-5394 (CVSS score of 9.8), in the Alone WordPress theme to hijack sites. Threat actors are actively exploiting a critical flaw, tracked as CVE-2025-5394 (CVSS score of 9.8), in the “Alone – Charity …
Threat actors are actively exploiting a critical security flaw in "Alone – Charity Multipurpose Non-profit WordPress Theme" to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An h…
Affected Products
Affected Versions:
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
Affected Products (ENISA)
ENISA Scoring
CVSS Score (3.1)
EPSS Score
ENISA References
Data provided by ENISA EU Vulnerability Database. Last updated: July 15, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
Advisory provided by GitHub Security Advisory Database. Published: July 15, 2025, Modified: July 15, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
Security vulnerability in "Alone - Charity Multipurpose Non-profit". Attention, WordPress site owners! A critical security flaw, CVE-2025-5394, has been discovered in the "Alone – Charity Multipurpose Non-profit" theme, allowing the upload of arbitrary files. CVSS score: 9.8. Update the theme urgently to protect your site. Thanks to researcher Thái An. Read: [https://thehackernews.com/2025/07/hackers-exploit-critical-wordpress.html](https://thehackernews.com/2025/07/hackers-exploit-critical-wordpress.html)
🔥 Top 10 Trending CVEs (04/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-54136](https://nvd.nist.gov/vuln/detail/CVE-2025-54136)** - 📝 Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted …
🔥 Top 10 Trending CVEs (03/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2024-38018](https://nvd.nist.gov/vuln/detail/CVE-2024-38018)** - 📝 Microsoft SharePoint Server Remote Code Execution Vulnerability - 📅 **Published:** 10/09/2024 - 📈 **CVSS:** 8.8 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C - 📣 **Mentions:** 1 - ⚠️ **Priority:** 2 - …
🔥 Top 10 Trending CVEs (02/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-54135](https://nvd.nist.gov/vuln/detail/CVE-2025-54135)** - 📝 n/a - 📈 **CVSS:** 0 - 🧭 **Vector:** n/a - ⚠️ **Priority:** n/a - 📝 **Analysis:** No Information available for this CVE at the moment --- **2. [CVE-2025-5394](https://nvd.nist.gov/vuln/detail/CVE-2025-5394)** …
Hackers Exploit WordPress Theme Flaw to Hijack Sites **A critical vulnerability in the Alone WordPress theme allows hackers to take control of websites through remote plugin installation.** **Key Points:** - CVE-2025-5394 has a CVSS score of 9.8, indicating a severe risk. - The vulnerability allows unauthenticated attackers to upload malicious …
What's going on in the cyber world today? **Cyber Alerts** • Choicejacking attack enables data theft via public chargers, bypassing smartphone USB safeguards (Security Researchers) • CVE-2025-5394 in "Alone" WordPress theme allows unauthenticated file uploads—update to v7.8.5 now (WordPress Security) • Fake crypto trading apps distribute JSCEAL malware via Facebook …