A critical security vulnerability has been discovered in the popular “Alone” WordPress theme that allows unauthenticated attackers to execute arbitrary code remotely and potentially take complete control of affected websites.
The vulnerability, tracked as CVE-2025-5394, affects the charity and non-profit theme which has been sold over 9,000 times on ThemeForest
https://gbhackers.com/wordpress-theme-s ... erability/