11 matches found
WordPress Goza Theme <= 3.2.2 is vulnerable to Arbitrary File Upload
Software Goza Type Theme Vulnerable versions = 3.2.2 Fixed in 3.2.3 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-5394 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 66a283dd0c55 Credits GR0V Required privilege Unauthenticated Published 8...
Exploit for CVE-2025-5394
CVE-2025-5394 – WordPress Alone Theme = 7.8.3 - Unauthenticat...
Exploit for CVE-2025-5394
🚨 CVE-2025-5394 - Unauthenticated Arbitrary Plugin Upload in A...
Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install
Threat actors are actively exploiting a critical security flaw in "Alone – Charity Multipurpose Non-profit WordPress Theme" to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394 , carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and...
CVE-2025-5394
creationtimestamp| type| source ---|---|--- 2025-07-30 13:38:35+00:00| seen| https://bsky.app/profile/undercodenews.bsky.social/post/3lv6qm47qod2y 2025-07-31 04:53:00+00:00| seen| https://thehackernews.com/2025/07/hackers-exploit-critical-wordpress.html 2025-07-31 08:01:33+00:00| seen|...
Attackers Actively Exploiting Critical Vulnerability in Alone Theme
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...
CVE-2025-5394
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the aloneimportpackinstallplugin function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...
CVE-2025-5394
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the aloneimportpackinstallplugin function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...
CVE-2025-5394 Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the aloneimportpackinstallplugin function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...
CVE-2025-5394
CVE-2025-5394 (Alone – Charity WordPress Theme) Affected product: Alone – Charity Multipurpose Non-profit WordPress Theme (versions up to 7.8.3). Root cause: missing capability check in the function alone_import_pack_install_plugin(), allowing unauthenticated users to upload arbitrary ZIP files d...
WordPress Alone Theme <= 7.8.3 is vulnerable to Arbitrary File Upload
Software Alone Type Theme Vulnerable versions = 7.8.3 Fixed in 7.8.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-5394 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 6abf738d57a0 Credits Thái An Required privilege Unauthenticated Published...