Hackers Actively Exploit Critical RCE in WordPress Alone Theme

Hackers actively exploit critical RCE in WordPress Alone theme

Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme 'Alone,' to achieve remote code execution and perform a full site takeover.

Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

Threat actors are actively exploiting a critical security flaw in "Alone – Charity Multipurpose Non-profit WordPress Theme" to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug. According to Wordfence, the shortcoming relates to an arbitrary file upload

Hackers Actively Exploit Critical RCE In WordPress Alone Theme - Cybernoz - Cybersecurity News

Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme ‘Alone,’ to achieve remote code execution and perform a full site takeover. Wordfence is reporting the malicious activity, saying it has blocked over 120,000 exploitation attempts targeting its customers. The WordPress security firm also reports that the attacks started several days before public disclosure of the flaw, ind…