Threat Advisories:

Alone Theme Vulnerability Puts WordPress Sites at Risk

Red | Vulnerability Report
Download PDF

A critical vulnerability (CVE-2025-5394) in the popular Alone – Charity Multipurpose Non-profit WordPress Theme has put thousands of websites at serious risk. Affecting versions up to 7.8.3, this flaw lets attackers upload malicious files without needing to log in, no passwords, and no admin rights. By exploiting a weak plugin installer, hackers can install backdoors disguised as innocent-looking plugins, giving them full control over the site. What’s more alarming is that exploitation began even before the vulnerability was made public, with over 120,900 attack attempts already blocked. This shows how fast and aggressive threat actors are, and why it’s crucial for site owners to patch immediately.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox

Cyber Horizons 2025

What Last Year’s Attacks Reveal About Today’s Risks

Watch the Webinar on-demand and get a FREE copy of our Cyber Horizons 2025 report.

Our Speakers
Speaker 1

Prateek Bhajanka Global Field CISO & Former Gartner Analyst Hive Pro Inc.

Speaker 2

Ankit Mani Manager Threat Intel HiveForce Labs

Speaker 3

Sreevani Tonipe Senior Threat Researcher HiveForce Labs