\u200bThreat actors are actively exploiting a critical security flaw in “Alone \u2013 Charity Multipurpose Non-profit WordPress Theme” to take over susceptible sites.
\nThe vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Th\u00e1i An has been credited with discovering and reporting the bug.
\nAccording to Wordfence, the shortcoming relates to an arbitrary file upload\u00a0Threat actors are actively exploiting a critical security flaw in “Alone \u2013 Charity Multipurpose Non-profit WordPress Theme” to take over susceptible sites.
\nThe vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Th\u00e1i An has been credited with discovering and reporting the bug.
\nAccording to Wordfence, the shortcoming relates to an arbitrary file upload\u00a0\u00a0The Hacker News<\/p>","protected":false},"excerpt":{"rendered":"
\u200bThreat actors are actively exploiting a critical security flaw in “Alone \u2013 Charity Multipurpose Non-profit WordPress Theme” to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Th\u00e1i An has been credited with discovering and reporting the bug. According to Wordfence, the shortcoming relates to an arbitrary… Read More »Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install<\/span><\/a><\/p>\n","protected":false},"author":0,"featured_media":5076,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/posts\/5075"}],"collection":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/comments?post=5075"}],"version-history":[{"count":0,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/posts\/5075\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/media\/5076"}],"wp:attachment":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/media?parent=5075"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/categories?post=5075"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/tags?post=5075"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}