US EditionHackers Target Critical WordPress Theme Flaw - Hundreds of Sites at Risk From Potential Takeover, Find Out if You're Affected
5 Articles
5 Articles
Hackers Exploit Critical WordPress Theme Flaw Worldwide
A critical RCE vulnerability (CVE‑2025‑5394) in versions 7.8.3 and earlier of the Alone Charity Multipurpose WordPress Theme is actively exploited. Over 120,000 attempts were recorded against more than 9,000 vulnerable sites, enabling attackers to inject malicious plugins and run arbitrary code by exploiting unauthenticated upload functionality. A related bug (CVE‑2025‑5393) allows arbitrary file deletion, further […] The post Hackers Exploit Cr…
AI Engine Plugin Flaw Exposes 100K Sites To RCE Risk
A security flaw affecting over 100,000 WordPress websites has been discovered in the AI Engine plugin, specifically impacting versions 2.9.3 and 2.9.4. The vulnerability, classified as an arbitrary file upload vulnerability, allows authenticated users, starting from subscriber-level access, to upload malicious files and potentially gain remote code execution (RCE) privileges on the server. This type of vulnerability could result in full site com…
Currently, attackers target WordPess websites with the Theme Alone. In a current version, developers have a vulnerability.
The WordPress theme Alone contains a critical vulnerability that makes websites designed with it vulnerable. The vulnerability is already exploited to execute malicious code. Users of the theme should therefore urgently switch to the already available secure version. According to the security experts of Wordfence, the vulnerability (CVE-2025-5394) allows an unauthenticated attacker to access arbitrary files to a vulnerable website.
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium