A critical vulnerability (CVE-2025-5394) in the popular Alone – Charity Multipurpose Non-profit WordPress Theme has put thousands of websites at serious risk. Affecting versions up to 7.8.3, the flaw lets attackers upload malicious files without logging in: no password and no admin rights are required. By exploiting a weak plugin installer, attackers can install backdoors disguised as innocent-looking plugins, giving them full control over the site. More alarming still, exploitation began before the vulnerability was made public, with over 120,900 attack attempts already blocked. This shows how fast and aggressive threat actors are, and why it is crucial for site owners to patch immediately.