WordPress Theme Alone: More than 120.000 attack attempts documented
Attackers are currently targeting WordPess websites with the Alone theme. The developers have closed a vulnerability in a recent version.
(Image: serato/shutterstock.com)
A security vulnerability in the WordPress theme Alone makes websites equipped with it vulnerable. Attackers are already exploiting the"critical" gap and executing malicious code. A secured version is available for download.
Backdoor attacks
Security researchers from Wordfence warn of the attacks in an article. They claim to have observed more than 120,000 attack attempts at peak times. If attackers successfully exploit the vulnerability (CVE-2025-5394), they can upload and execute zip files with malicious code without authentication due to a lack of checks.
The researchers explain that attackers try to install plug-ins infected with malicious code on successfully attacked websites in order to set up backdoors. Admins should therefore be on the lookout for unknown plug-ins.
Videos by heise
The developers claim to have solved the security problem in Alone – Charity Multipurpose Non-profit WordPress Theme 7.8.5.
(des)
