CVE-2025-60206 WordPress Alone theme <= 7.8.3 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Beplusthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through = 7.8.3...

CVE-2025-60206

CVE-2025-60206 refers to a code injection vulnerability in Bearsthemes WordPress Alone theme (Alone) that enables remote code execution. Affected: Alone theme versions up to and including 7.8.3. Root cause: improper control of code generation leading to code injection. Impact: high severity with ...

WordPress plugin Alone Theme 安全漏洞

The WordPress Alone Theme plugin is a premium theme for creating photography-based websites that sells close to 10,000 copies in the Envato marketplace and is mainly used by non-profit organizations e.g. charities, fundraising organizations, etc.. WordPress Alone Theme plugin suffers from a code...

WordPress Alone Theme 7.8.3 Arbitrary Plugin Upload

WordPress Alone Theme versions 7.8.3 and below suffer from an arbitrary plugin upload vulnerability...

Attackers Actively Exploiting Critical Vulnerability in Alone Theme

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

CVE-2025-5396

The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackupajaxhandle function not having a capability check, nor validating user supplied input passed directly to calluserfunc. This makes it possible for...

WordPress Alone theme <= 7.8.3 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Alone versions = 7.8.3...

WordPress Alone theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation vulnerability

Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation vulnerability discovered by Thái An in WordPress Theme Alone versions = 7.8.3...

WordPress Alone Theme <= 7.8.3 is vulnerable to Arbitrary File Upload

Software Alone Type Theme Vulnerable versions = 7.8.3 Fixed in 7.8.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-5394 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 6abf738d57a0 Credits Thái An Required privilege Unauthenticated Published...

WordPress Alone theme <= 7.8.2 - Arbitrary Code Execution Vulnerability

Arbitrary Code Execution Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Alone versions = 7.8.2...