PT-2025-29535 · WordPress · Alone – Charity Multipurpose Non-Profit Wordpress Theme

Thái An

Published

2025-07-15

Updated

2026-04-08

CVE-2025-5393

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Alone – Charity Multipurpose Non-profit WordPress Theme versions up to and including 7.8.3

Description The Alone – Charity Multipurpose Non-profit WordPress Theme is vulnerable to arbitrary file deletion due to insufficient file path validation in the alone import pack restore data() function. This allows unauthenticated attackers to delete arbitrary files on the server, potentially leading to remote code execution if critical files, such as wp-config.php, are deleted.

Recommendations Alone – Charity Multipurpose Non-profit WordPress Theme versions prior to 7.8.4 should be updated.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-73

Related Identifiers

CVE-2025-5393

Affected Products

Alone – Charity Multipurpose Non-Profit Wordpress Theme

CVE-2025-5393

Weakness Enumeration

Related Identifiers

Affected Products

References · 10