Impreza Portal
Sign InMy ServicesMy DomainsMy InvoicesMy Tickets
News
Celebrative Logos
Our Platform
Carbon Removal Commitment
Tutorials
Video TutorialsKnowledge Base
More
UptimeNetwork StatusAffiliatesJobsAbout us
Contact
Submit Ticket (Less than 1hour to answer)Whatsapp (Less than 24hours to answer)Telegram (Less than 24hours to answer)Report Abuse
HOMEDOMAINS
CONTACT
Login
Sign InCreate an Account
No Comments

Critical Security Flaw in “Alone” WordPress Theme Exposed

 

Threat actors actively exploit a critical security flaw in “Alone – Charity Multipurpose Non-profit WordPress Theme” to take over susceptible sites.

The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An discovered and reported the bug.

According to Wordfence, the shortcoming relates to an arbitrary file upload that affects all versions of the plugin prior to and including 7.8.3. The developers Addressed this issue in version 7.8.5, which they released on June 16, 2025.

CVE-2025-5394 originates from a plugin installation function named “alone_import_pack_install_plugin()” and stems from a missing capability check. This Oversight allows Unauthenticated users to deploy Arbitrary plugins from remote sources via AJAX, leading to code execution.

“This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files to a vulnerable site and achieve remote code execution, which is typically leveraged for a complete site takeover,” Wordfence’s István Márton stated.

Evidence shows that CVE-2025-5394 began to be Exploited starting July 12, just two days before the Vulnerability became publicly Disclosed. This timing indicates that the threat actors behind the campaign actively Monitored code changes for any newly Addressed Vulnerabilities.

The company reported that it has already blocked 120,900 exploit attempts targeting the flaw. The activity has originated from the following IP addresses:

  • 193.84.71.244
  • 87.120.92.24
  • 146.19.213.18
  • 185.159.158.108
  • 188.215.235.94
  • 146.70.10.25
  • 74.118.126.111
  • 62.133.47.18
  • 198.145.157.102
  • 2a0b:4141:820:752::2

In the observed attacks, the flaw averages an upload of a ZIP archive (“wp-classic-editor.zip” or “background-image-cropper.zip”) that contains a PHP-based Backdoor to execute remote commands and upload additional files. Attackers also deliver Fully-featured file Managers and Backdoors capable of creating rogue administrator accounts.

To Mitigate any potential threats, WordPress site owners using the theme should apply the latest updates, check for any suspicious admin users, and scan logs for the request “/wp-admin/admin-ajax.php?action=alone_import_pack_install_plugin.”

 

Source: TheHackerNews

Read more at Impreza News

You might also like
Flaw, News, Vulnerability, WordPress
Flaw, News, Vulnerability, WordPress

More Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.