Active Exploitation of CVE-2025-5394 in Alone WordPress Theme

A critical arbitrary file-upload vulnerability (CVE-2025-5394) in the Alone – Charity Multipurpose Non-profit WordPress theme versions 7.8.3 and earlier is being actively exploited. The flaw, with a CVSS score of 9.8, allows unauthenticated attackers to upload malicious ZIP archives containing PHP backdoors, resulting in remote code execution and full site takeover. The vulnerability stems from a missing authorization check in the alone_import_pack_install_plugin() AJAX handler. Attackers can exploit this to upload web shells, execute commands, deploy file managers, and create rogue admin accounts. Several IP addresses have been identified as sources of attacks. Website owners are urged to update to version 7.8.5 or later, verify site integrity, strengthen access controls, and enhance detection and monitoring measures.

Author: AlienVault

Related Tags: cve-2025-5394, alone theme, theme, web shells, T1078.004, T1136.002, T1070.006, remote code execution, WordPress

Associated Indicators:
193.84.71.244
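
For the detection and monitoring step, the following added example (not code from the advisory or the theme) scans web server access logs for requests that name the vulnerable handler and groups them by source address. It assumes Combined Log Format and that the AJAX action name equals the handler name given above; the log lines are constructed samples.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumption: the AJAX action name equals the handler name given in the advisory.
ACTION = "alone_import_pack_install_plugin"
KNOWN_SOURCES = {"193.84.71.244"}  # the indicator listed on this page

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_import_pack_requests(lines):
    """Return {source_ip: [hit, ...]} for requests that name the vulnerable action."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-CLF line
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        # parse_qs also percent-decodes the query string before comparison
        if ACTION not in parse_qs(url.query).get("action", []):
            continue
        hits[m["ip"]].append({
            "time": m["ts"],
            "method": m["method"],
            "status": int(m["status"]),
            "known_source": m["ip"] in KNOWN_SOURCES,
        })
    return dict(hits)

# Constructed sample log lines (not real traffic); 203.0.113.9 is a documentation address.
SAMPLE_LOG = [
    '193.84.71.244 - - [01/Aug/2025:10:02:11 +0000] "POST /wp-admin/admin-ajax.php?action=alone_import_pack_install_plugin HTTP/1.1" 200 58 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Aug/2025:10:05:40 +0000] "POST /wp-admin/admin-ajax.php?action=alone_import_pack_install_plugin HTTP/1.1" 200 58 "-" "-"',
    '203.0.113.9 - - [01/Aug/2025:10:06:02 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Aug/2025:10:07:13 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reqs in find_import_pack_requests(SAMPLE_LOG).items():
        flag = "listed indicator" if reqs[0]["known_source"] else "unlisted source"
        print(f"{ip}: {len(reqs)} request(s) naming {ACTION} ({flag})")
```

Standard access logs record only the query string, so a clean result here does not rule out requests whose parameters were carried in the request body; pair the log review with the site integrity checks the advisory recommends.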