Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

The Hacker News by The Hacker News
July 31, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Jul 31, 2025Ravie LakshmananVulnerability / Website Security

Threat actors are actively exploiting a critical security flaw in “Alone – Charity Multipurpose Non-profit WordPress Theme” to take over susceptible sites.

The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug.

According to Wordfence, the shortcoming relates to an arbitrary file upload affecting all versions of the plugin prior to and including 7.8.3. It has been addressed in version 7.8.5 released on June 16, 2025.

CVE-2025-5394 is rooted in a plugin installation function named “alone_import_pack_install_plugin()” and stems from a missing capability check, thereby allowing unauthenticated users to deploy arbitrary plugins from remote sources via AJAX and achieve code execution.

“This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files to a vulnerable site and achieve remote code execution, which is typically leveraged for a complete site takeover,” Wordfence’s István Márton said.

Evidence shows that CVE-2025-5394 began to be exploited starting July 12, two days before the vulnerability was publicly disclosed. This indicates that the threat actors behind the campaign may have been actively monitoring code changes for any newly addressed vulnerabilities.

Cybersecurity

The company said it has already blocked 120,900 exploit attempts targeting the flaw. The activity has originated from the following IP addresses –

  • 193.84.71.244
  • 87.120.92.24
  • 146.19.213.18
  • 185.159.158.108
  • 188.215.235.94
  • 146.70.10.25
  • 74.118.126.111
  • 62.133.47.18
  • 198.145.157.102
  • 2a0b:4141:820:752::2

In the observed attacks, the flaw is averaged to upload a ZIP archive (“wp-classic-editor.zip” or “background-image-cropper.zip”) containing a PHP-based backdoor to execute remote commands and upload additional files. Also delivered are fully-featured file managers and backdoors capable of creating rogue administrator accounts.

To mitigate any potential threats, WordPress site owners using the theme are advised to apply the latest updates, check for any suspicious admin users, and scan logs for the request “/wp-admin/admin-ajax.php?action=alone_import_pack_install_plugin.”



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Sadhguru hace un llamamiento a una mayor adopción de la meditación para mejorar el bienestar mental global

Sadhguru hace un llamamiento a una mayor adopción de la meditación para mejorar el bienestar mental global

Recommended.

Omdia survey finds phishing attacks top smartphone security concern for consumers

Omdia survey finds phishing attacks top smartphone security concern for consumers

January 20, 2025
eMazzanti Technologies Achieves Four Microsoft Solutions Partner Designations in AI Cloud Partner Program

eMazzanti Technologies Achieves Four Microsoft Solutions Partner Designations in AI Cloud Partner Program

November 25, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio