CVE-2025-5394 – Alone – Charity Multipurpose Non-profit WordPress Theme Unauthenticated Arbitrary File Upload Vulnerability

July 15, 2025

CVE ID : CVE-2025-5394

Published : July 15, 2025, 4:15 a.m. | 11 hours, 29 minutes ago

Description : The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin() function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers to upload zip files containing webshells disguised as plugins from remote locations to achieve remote code execution.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7340 – “Elementor HT Contact Form Widget File Upload Vulnerability”

Next Article CVE-2025-5393 – WordPress Alone Charity Multipurpose Non-profit Theme Arbitrary File Deletion Vulnerability

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Kong AI Gateway 3.11 introduces new method for reducing token costs

Native vs hybrid vs cross-platform: Resolving the trilemma

JetBrains updates Junie, Gemini API adds embedding model, and more – Daily News Digest

My favorite Bose products are on sale plus an extra 25% discount – if you buy refurbished

Microsoft saved $500 million using AI — after slashing over 15,000 jobs in 2025

Obsidian’s Xbox RPG Avowed gets another update bringing bug fixes and these new abilities — and it’s now Steam Deck Verified

Half of Windows PCs are still yet to upgrade to Windows 11 — and are running out of time, says study

The details of TC39’s last meeting

The details of TC39’s last meeting

Vector Search Embeddings and RAG

Python Meets Power Automate: Trigger via URL

Ubuntu 25.10 Fixes the Dock’s Inconsistent Radii

Ubuntu 25.10 Fixes the Dock’s Inconsistent Radii

Microsoft saved $500 million using AI — after slashing over 15,000 jobs in 2025

Obsidian’s Xbox RPG Avowed gets another update bringing bug fixes and these new abilities — and it’s now Steam Deck Verified

CVE-2025-5394 – Alone – Charity Multipurpose Non-profit WordPress Theme Unauthenticated Arbitrary File Upload Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

CVE-2025-1565 – WordPress Mayosis Core Plugin Arbitrary File Read Vulnerability

Spf Permerror Troubleshooting Guide For Better Email Deliverability Today

Why Apple’s Critique of AI Reasoning Is Premature

DeepSeek-AI Released DeepSeek-Prover-V2: An Open-Source Large Language Model Designed for Formal Theorem, Proving through Subgoal Decomposition and Reinforcement Learning

Securonis Linux – privacy and security-focused distribution

Ubuntu 25.10 Daily Builds Now Available to Download

CVE-2024-41196 – Ocuco Innovation REPORTSERVER.EXE Remote Authentication Bypass and Privilege Escalation Vulnerability

Fix: Didn’t Receive Email from Starlink?

CVE-2025-5394 – Alone – Charity Multipurpose Non-profit WordPress Theme Unauthenticated Arbitrary File Upload Vulnerability

Related Posts