Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in WordPress Theme
Alerts

Critical Vulnerability in WordPress Theme

1 August 2025

Bearsthemes has released a patch addressing a critical vulnerability in a WordPress Theme, Alone. Users and administrators of affected products are advised to update to the latest versions.

Background

Bearsthemes has released a patch addressing a critical vulnerability (CVE-2025-5394) in a WordPress Theme, Alone. This vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.

Impact

Successful exploitation of this vulnerability could allow an unauthenticated attacker to upload malicious files to the vulnerable WordPress site, potentially leading to remote code execution and a full site takeover.

Known Exploitation

The vulnerability is reportedly being actively exploited.

Affected Products

The vulnerability affects WordPress Theme, Alone, versions 7.8.3 and earlier.

Recommendations

Users and administrators of affected products are advised to update to the latest versions.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-5394

https://www.wordfence.com/blog/2025/07/attackers-actively-exploiting-critical-vulnerability-in-alone-theme/


Back to top