Threat perpetrators are currently leveraging a significant security vulnerability in the “Alone – Charity Multipurpose Non-profit WordPress Theme” to gain control of vulnerable websites.
The flaw, identified as CVE-2025-5394, has a CVSS rating of 9.8. Security investigator Thái An has been acknowledged for uncovering and notifying about the issue.
As per Wordfence, the deficiency pertains to an unrestricted file upload.