Threat actors are actively exploiting a critical security flaw in "Alone – Charity Multipurpose Non-profit WordPress Theme" to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug. According to Wordfence, the shortcoming relates to an arbitrary file upload
![]()
source https://thehackernews.com/2025/07/hackers-exploit-critical-wordpress.html
source https://thehackernews.com/2025/07/hackers-exploit-critical-wordpress.html