Lucene search
K

11 matches found

Patchstack
Patchstack
added 2025/09/08 12:0 a.m.12 views

WordPress Goza Theme <= 3.2.2 is vulnerable to Arbitrary File Upload

Software Goza Type Theme Vulnerable versions = 3.2.2 Fixed in 3.2.3 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-5394 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 66a283dd0c55 Credits GR0V Required privilege Unauthenticated Published 8...

9.8CVSS7.3AI score0.47529EPSS
Exploits3References2Affected Software1
GithubExploit
GithubExploit
added 2025/08/02 8:1 p.m.762 views

Exploit for CVE-2025-5394

CVE-2025-5394 – WordPress Alone Theme = 7.8.3 - Unauthenticat...

9.8CVSS7.9AI score0.47529EPSS
Exploits3
GithubExploit
GithubExploit
added 2025/08/02 7:0 p.m.594 views

Exploit for CVE-2025-5394

🚨 CVE-2025-5394 - Unauthenticated Arbitrary Plugin Upload in A...

9.8CVSS6.3AI score0.47529EPSS
Exploits3
The Hacker News
The Hacker News
added 2025/07/31 6:53 a.m.12 views

Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

Threat actors are actively exploiting a critical security flaw in "Alone – Charity Multipurpose Non-profit WordPress Theme" to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394 , carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and...

9.8CVSS8.3AI score0.47529EPSS
Exploits3
Circl
Circl
added 2025/07/30 1:38 p.m.29 views

CVE-2025-5394

creationtimestamp| type| source ---|---|--- 2025-07-30 13:38:35+00:00| seen| https://bsky.app/profile/undercodenews.bsky.social/post/3lv6qm47qod2y 2025-07-31 04:53:00+00:00| seen| https://thehackernews.com/2025/07/hackers-exploit-critical-wordpress.html 2025-07-31 08:01:33+00:00| seen|...

9.8CVSS6.1AI score0.47529EPSS
Exploits3References11
Wordfence Blog
Wordfence Blog
added 2025/07/29 2:24 p.m.12 views

Attackers Actively Exploiting Critical Vulnerability in Alone Theme

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

9.8CVSS7.7AI score0.47529EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/07/17 3:46 a.m.16 views

CVE-2025-5394

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the aloneimportpackinstallplugin function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...

9.8CVSS6.5AI score0.47529EPSS
Exploits3References1
NVD
NVD
added 2025/07/15 4:15 a.m.9 views

CVE-2025-5394

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the aloneimportpackinstallplugin function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...

9.8CVSS0.47529EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2025/07/15 3:43 a.m.7 views

CVE-2025-5394 Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the aloneimportpackinstallplugin function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...

9.8CVSS8.1AI score0.47529EPSS
Exploits3References2
CVE
CVE
added 2025/07/15 3:43 a.m.116 views

CVE-2025-5394

CVE-2025-5394 (Alone – Charity WordPress Theme) Affected product: Alone – Charity Multipurpose Non-profit WordPress Theme (versions up to 7.8.3). Root cause: missing capability check in the function alone_import_pack_install_plugin(), allowing unauthenticated users to upload arbitrary ZIP files d...

9.8CVSS6.5AI score0.47529EPSS
In wildExploits3References2
Patchstack
Patchstack
added 2025/07/14 12:0 a.m.11 views

WordPress Alone Theme <= 7.8.3 is vulnerable to Arbitrary File Upload

Software Alone Type Theme Vulnerable versions = 7.8.3 Fixed in 7.8.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-5394 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 6abf738d57a0 Credits Thái An Required privilege Unauthenticated Published...

9.8CVSS7.2AI score0.47529EPSS
Exploits3References2Affected Software1
Rows per page
Query Builder