- Home
- Alerts & Advisories
- Alerts
- Critical Vulnerability in WordPress Theme
Critical Vulnerability in WordPress Theme
1 August 2025
Bearsthemes has released a patch addressing a critical vulnerability in a WordPress Theme, Alone. Users and administrators of affected products are advised to update to the latest versions.
Background
Bearsthemes has released a patch addressing a critical vulnerability (CVE-2025-5394) in a WordPress Theme, Alone. This vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.
Impact
Successful exploitation of this vulnerability could allow an unauthenticated attacker to upload malicious files to the vulnerable WordPress site, potentially leading to remote code execution and a full site takeover.
Known Exploitation
The vulnerability is reportedly being actively exploited.
Affected Products
The vulnerability affects WordPress Theme, Alone, versions 7.8.3 and earlier.
Recommendations
Users and administrators of affected products are advised to update to the latest versions.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-5394