CVE-2025-54019
Published 2025-08-20
CVE-2025-54019: Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Code Injection. This issue affects Alone: from n/a…
Priority P3 · 38 · medium · 6.5 (CVSS 3.1)
AV:N / AC:H / PR:N / UI:N / S:C / C:L / I:L / A:L
EPSS: 0.19% (8.5th percentile)
Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Code Injection. This issue affects Alone: from n/a through < 7.8.5.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bearsthemes | bears_backup | <= 2.0.0 | — |
| beplusthemes | alone | <= 7.8.5 | — |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
vulncheck · 9.8 CRITICAL
GHSA
GHSA-52qq-78xg-p62c: Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Code Injection
ghsa_unreviewed·2025-08-20
CVE-2025-54019 [MEDIUM] CWE-94 GHSA-52qq-78xg-p62c: Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Code Injection
Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Code Injection. This issue affects Alone: from n/a through n/a.
VulnCheck
Missing Authorization
vulncheck·2025·CVSS 9.8
CVE-2025-5394 [CRITICAL] Missing Authorization
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin() function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers to upload zip files containing webshells disguised as plugins from remote locations to achieve remote code execution. CVE-2025-54019 is likely a duplicate of this.
Affected: Bearsthemes Alone – Charity Multipurpose Non-profit
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wordfence.com/blog/2025/07/attackers-actively-exploi
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-08-20