Urgent: Update Alone Theme Now to Patch Critical Vulnerability
WordPress site admins using the Alone theme are urged to update immediately due to a critical vulnerability (CVE-2025-5394) that attackers are actively exploiting. The flaw, patched in version 7.8.5, allows unauthenticated users to upload arbitrary files and take over sites.
The vulnerability, an Arbitrary File Upload via Plugin Installation issue, is caused by insufficient capability and nonce checks in the Alone theme's function. Attackers are exploiting this to upload ZIP files containing PHP backdoors, enabling remote command execution and full site control.
Since the patch, Wordfence has blocked over 120,900 exploit attempts. The flaw was first reported on May 30, 2025, and was exploited as a zero-day before public disclosure on July 14, 2025. Attackers started exploiting the vulnerability on July 12, 2025, two days before its public announcement. Site admins should check for suspicious admin accounts and logs, and update to the latest version to protect their sites.
The Alone theme vulnerability (CVE-2025-5394) is a serious threat to WordPress sites using versions up to 7.8.3. Admins should update to the latest version, monitor their sites for suspicious activity, and remain vigilant against potential attacks.
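The update check and the post-exploitation review recommended above can be scripted per site. This is an added example, not code from Wordfence or the theme's developers; it assumes the theme is installed under the directory name `alone`, treats every version below 7.8.5 as needing the update, and lists plugin directories modified since July 12, 2025 for manual review.

```python
import re
from datetime import datetime, timezone
from pathlib import Path

PATCHED = (7, 8, 5)  # fixed release named in the article
EXPLOITED_SINCE = datetime(2025, 7, 12, tzinfo=timezone.utc)  # first attacks per the article
THEME_DIR = "alone"  # assumption: theme directory name under wp-content/themes


def theme_version(style_css_text):
    """Return the Version: header of a theme's style.css as an int tuple, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", style_css_text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def needs_update(version):
    """Anything below the patched release, or an unreadable version, counts as exposed."""
    if version is None:
        return True
    padded = version + (0,) * (len(PATCHED) - len(version))
    return padded < PATCHED


def recent_plugin_dirs(wp_root, since=EXPLOITED_SINCE):
    """Plugin directories modified on or after `since`: candidates for manual review."""
    plugins = Path(wp_root) / "wp-content" / "plugins"
    hits = []
    if plugins.is_dir():
        for entry in sorted(plugins.iterdir()):
            if entry.is_dir():
                mtime = datetime.fromtimestamp(entry.stat().st_mtime, tz=timezone.utc)
                if mtime >= since:
                    hits.append((entry.name, mtime.isoformat()))
    return hits


def triage(wp_root):
    """Summarise one WordPress install: theme present, version, update flag, dirs to review."""
    style = Path(wp_root) / "wp-content" / "themes" / THEME_DIR / "style.css"
    if not style.is_file():
        return {"installed": False, "version": None, "update": False, "review": []}
    version = theme_version(style.read_text(encoding="utf-8", errors="replace"))
    return {"installed": True, "version": version,
            "update": needs_update(version), "review": recent_plugin_dirs(wp_root)}


if __name__ == "__main__":
    import sys
    print(triage(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Directory modification times can be reset by an attacker, so an empty review list does not clear a site; the admin-account and log checks still apply.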