Particle.news

Active Zero-Day Exploit of WordPress Alone Theme Sees Over 120,000 Blocked Attempts

Applying the v7.8.5 patch immediately protects sites from the unauthenticated file upload vulnerability.

Overview

  • Wordfence has logged and blocked 120,900 exploitation attempts of CVE-2025-5394 as of July 31, signaling ongoing attacker campaigns.
  • The flaw stems from missing nonce checks in the alone_import_pack_install_plugin() function and affects all theme versions up to 7.8.3; a patch was released on June 16.
  • Attackers began exploiting the vulnerability on July 12, two days before its public disclosure, to upload webshells and PHP backdoors for remote code execution.
  • Compromised sites exhibit rogue administrator accounts, unauthorized plugin folders and full-featured file managers, with suspicious admin-ajax.php requests as key indicators.
  • Nearly 10,000 non-profit and charity sites using the premium Alone theme face elevated risk, underscoring the urgency of proactive threat monitoring.
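
To act on the admin-ajax.php indicator above, a site owner can sweep web server access logs for requests that target the vulnerable function. The following is an added example, not code from Wordfence or the theme vendor. It assumes the AJAX action name equals the function name given above and that it appears in the query string, and the log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumption: the AJAX action is named after the function cited in the overview.
SUSPECT_ACTION = "alone_import_pack_install_plugin"

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_suspicious(lines):
    """Return (ip, timestamp, status) for each admin-ajax.php request naming SUSPECT_ACTION."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        url = urlsplit(m["target"])
        # endswith() also covers WordPress installed in a subdirectory
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        # parse_qs percent-decodes, so action=alone%5Fimport... is still caught
        if SUSPECT_ACTION in parse_qs(url.query).get("action", []):
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits

def per_ip(hits):
    """Count flagged requests per client address for triage."""
    return Counter(ip for ip, _, _ in hits)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jul/2025:03:14:07 +0000] "POST /wp-admin/admin-ajax.php'
    '?action=alone_import_pack_install_plugin HTTP/1.1" 200 58 "-" "curl/8.0"',
    '198.51.100.4 - - [12/Jul/2025:03:15:10 +0000] "POST /wp-admin/admin-ajax.php'
    '?action=heartbeat HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jul/2025:03:16:41 +0000] "GET /blog/wp-admin/admin-ajax.php'
    '?foo=1&action=alone%5Fimport_pack_install_plugin HTTP/1.1" 403 0 "-" "curl/8.0"',
    'not a log line',
]

if __name__ == "__main__":
    for ip, ts, status in find_suspicious(SAMPLE_LOG):
        print(f"{ts}  {ip}  HTTP {status}")
```

Actions sent only in a POST body do not appear in standard access logs, so a clean result here does not rule out compromise; the rogue administrator accounts and unexpected plugin folders listed above still need to be checked.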