CVE-2025-5394 – Alone – Charity Multipurpose Non-profit WordPress Theme Unauthenticated Arbitrary File Upload Vulnerability

July 15, 2025

CVE ID : CVE-2025-5394

Published : July 15, 2025, 4:15 a.m. | 11 hours, 29 minutes ago

Description : The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin() function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers to upload zip files containing webshells disguised as plugins from remote locations to achieve remote code execution.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7340 – “Elementor HT Contact Form Widget File Upload Vulnerability”

Next Article CVE-2025-5393 – WordPress Alone Charity Multipurpose Non-profit Theme Arbitrary File Deletion Vulnerability

Highlights

CVE-2025-34160 – AnyShare ServiceAgent API Remote Code Execution Vulnerability

August 27, 2025

CVE ID : CVE-2025-34160

Published : Aug. 27, 2025, 10:15 p.m. | 3 hours, 34 minutes ago

Description : AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is interpreted by the backend, enabling arbitrary command execution. The vulnerability is presumed to affect builds released prior to August 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Best React.js Development Services in 2025: Features, Benefits & What to Look For

August 2025: AI updates from the past month

This 3-in-1 charger has a retractable superpower that’s a must for travel

How a legacy hardware company reinvented itself in the AI age

The 13+ best Walmart Labor Day deals 2025: Sales on Apple, Samsung, LG, and more

You can save up to $700 on my favorite Bluetti power stations for Labor Day

Call for Speakers – JS Conf Armenia 2025

Call for Speakers – JS Conf Armenia 2025

Streamlining Application Automation with Laravel’s Task Scheduler

A Fluent Path Builder for PHP and Laravel

Windows 11 KB5064081 24H2 adds taskbar clock, direct download links for .msu offline installer

Windows 11 KB5064081 24H2 adds taskbar clock, direct download links for .msu offline installer

My Family Cinema not Working? 12 Quick Fixes

Super-linter – collection of linters and code analyzers

CVE-2025-5394 – Alone – Charity Multipurpose Non-profit WordPress Theme Unauthenticated Arbitrary File Upload Vulnerability

WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

8 Best Free and Open Source Linux Personal Information Managers

Krutik Poojara | Cybersecurity Expert, AI Researcher & Author

“Even though I worked on Oblivion Remastered, I’m still excited for Skyblivion.” Bethesda dev shouts out huge Oblivion remake mod coming later this year

CVE-2025-35114 – Agiloft Default Credentials Privilege Escalation

CVE-2025-34160 – AnyShare ServiceAgent API Remote Code Execution Vulnerability

CVE-2025-55345 – Codex Symlink File Overwrite RCE

Distribution Release: Manjaro Linux 25.0.0

Building a Multi-Agent Conversational AI Framework with Microsoft AutoGen and Gemini API

CVE-2025-5394 – Alone – Charity Multipurpose Non-profit WordPress Theme Unauthenticated Arbitrary File Upload Vulnerability

Related Posts