Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install
01.08.2025
5573
Critical WordPress flaw CVE-2025-5394 lets attackers take over sites using the "Alone" theme. 120K+ attempts blocked.
WordPress sites are under siege! Hackers are exploiting a critical vulnerability in the "Alone" theme, tagged as CVE-2025-5394, to remotely install plugins and take full control. Over 120,000 attack attempts have been blocked, but the threat is far from over.
This isn't your average bug. It's a gaping security hole that allows attackers to bypass authentication and execute arbitrary code. Translation: they can do whatever they want on your site, from stealing data to spreading malware.
- • Flaw identified in the "Alone" WordPress theme.
- • Allows remote plugin installation without authentication.
- • Over 120,000 attack attempts detected and blocked.
- • CVE-2025-5394 is the official designation for this vulnerability.
Wordfence, the cybersecurity firm that spotted the attacks, has deployed virtual patching to protect vulnerable sites. But if you're using the "Alone" theme, it's time to update or switch themes ASAP. Don't wait for the hackers to come knocking.
#hack#malware#cybersecurity#unauthenticated access#CVE vulnerabilities
Got a topic? Write to ATLA WIRE on Telegram:t.me/atla_community
