CVE-2025-5393 – WordPress Alone Charity Multipurpose Non-profit Theme Arbitrary File Deletion Vulnerability

July 15, 2025

CVE ID : CVE-2025-5393

Published : July 15, 2025, 4:15 a.m. | 11 hours, 29 minutes ago

Description : The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the alone_import_pack_restore_data() function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5394 – Alone – Charity Multipurpose Non-profit WordPress Theme Unauthenticated Arbitrary File Upload Vulnerability

Next Article The Hidden Trade-Offs of Scriptless Automation Are You Sacrificing Strategy for Speed?

Harness Infrastructure as Code Management expands with features that facilitate better reusability

Akka introduces platform for distributed agentic AI

Design Patterns For AI Interfaces

Amazon launches spec-driven AI IDE, Kiro

AI-powered malware eludes Microsoft Defender’s security checks 8% of the time — with just 3 months of training and “reinforcement learning” for around $1,600

7 games that are perfect for handheld gaming PCs — with my favorite Steam Deck, ROG Ally, and Legion Go titles

Windows 11 Firewall with Advanced Security flags up errors in “under development” code — but it’s nothing to worry about

Metal Gear Solid Delta: Snake Eater — How to pre-order, release dates, story, gameplay, and everything else you need to know

AI-Driven Development Insiders Launch: 500 Seats. 24 Hours. 50% Off

AI-Driven Development Insiders Launch: 500 Seats. 24 Hours. 50% Off

The details of TC39’s last meeting

Revolutionize Your IoT Management with Total.js IoT Platform: Simplify, Monitor, and Optimize

AI-powered malware eludes Microsoft Defender’s security checks 8% of the time — with just 3 months of training and “reinforcement learning” for around $1,600

AI-powered malware eludes Microsoft Defender’s security checks 8% of the time — with just 3 months of training and “reinforcement learning” for around $1,600

7 games that are perfect for handheld gaming PCs — with my favorite Steam Deck, ROG Ally, and Legion Go titles

Windows 11 Firewall with Advanced Security flags up errors in “under development” code — but it’s nothing to worry about

CVE-2025-5393 – WordPress Alone Charity Multipurpose Non-profit Theme Arbitrary File Deletion Vulnerability

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

snapborg synchronizes snapper snapshots to a borg repository

CVE-2025-46633 – Tenda RX2 Pro Information Leak

How Much Does It Cost to Build a White-Label Enterprise Performance Management Software?

CVE-2025-20297 – Splunk Cross-Site Scripting (XSS)

Vibe coding: Your roadmap to becoming an AI developer

Apple’s App Store shaken: Court ends ‘Apple tax’ on external purchases

CVE-2025-46825 – Kanboard Stored Cross-Site Scripting (XSS) Vulnerability

CVE-2025-6206 – “Aiomatic WordPress Arbitrary File Upload Vulnerability”

CVE-2025-5393 – WordPress Alone Charity Multipurpose Non-profit Theme Arbitrary File Deletion Vulnerability

Related Posts