Alone Charity Multipurpose Non-Profit WordPress Theme Arbitrary File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability in the Alone – Charity Multipurpose Non-profit WordPress Theme, all versions through 7.8.3, allows for arbitrary file uploads. This issue arises from a missing capability check in the alone_import_pack_install_plugin() function. As a result, unauthenticated attackers can upload zip files containing web shells disguised as plugins, leading to remote code execution.
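The missing check described above, shown as it would look in a hardened handler. This is an added example, not the theme's code: the `example_*` function names, the AJAX action, the `nonce` and `slug` parameters and the bundled-package path are all hypothetical, and limiting installs to a fixed allowlist of local packages is a design assumption of this sketch.

```php
<?php
// Added illustration: hypothetical handler and names (example_*), not the theme's code.

// Constructed allowlist: slug => zip file shipped inside the theme directory.
function example_bundled_plugins() {
    return array(
        'example-plugin' => get_template_directory() . '/bundled/example-plugin.zip',
    );
}

function example_install_bundled_plugin() {
    // 1. CSRF: terminate the request unless it carries a valid nonce for this action.
    check_ajax_referer( 'example_install_plugin', 'nonce' );

    // 2. Authorization: the kind of capability check the advisory reports as missing.
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Input: accept only a slug and map it to a fixed local package,
    //    so the caller never chooses which archive gets unpacked.
    $slug     = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
    $packages = example_bundled_plugins();
    if ( ! isset( $packages[ $slug ] ) ) {
        wp_send_json_error( array( 'message' => 'Unknown plugin' ), 400 );
    }

    // 4. Install through the core upgrader rather than unpacking by hand.
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $packages[ $slug ] );

    if ( true !== $result ) {
        wp_send_json_error( array( 'message' => 'Install failed' ), 500 );
    }
    wp_send_json_success( array( 'slug' => $slug ) );
}

// Registered for logged-in users only: there is no wp_ajax_nopriv_ hook,
// so unauthenticated requests never reach the handler.
add_action( 'wp_ajax_example_install_bundled_plugin', 'example_install_bundled_plugin' );
```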

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can be used to execute malicious code on the server.

Remediation

Users are advised to update to version 7.8.5 or a newer patched version.

Added: Jul 15, 2025, 4:18 AM
Updated: Jul 15, 2025, 4:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 7.7
relevance: 0.2
threat: 0.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.