Bearsthemes Product Security Update Advisory (CVE-2025-5394)

Overview

 

We have released a security update to address a vulnerability in Bearsthemes products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-5394

 

Alone – Charity Multipurpose Non-profit WordPress Theme Version: 7.8.3 and below

 

 

Resolved Vulnerabilities

 

File upload vulnerability in Alone – Charity Multipurpose Non-profit WordPress Theme (CVE-2025-5394)

 

 

Vulnerability Patches

Vulnerability Patches have been made available with the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

 

CVE-2025-5394

 

Alone – Charity Multipurpose Non-profit WordPress Theme Version: 7.8.5

 

 

References

 

[1] Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 – Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/alone/alone-charity-multipurpose-non-profit-wordpress-theme-783-missing-authorization-to-unauthenticated-arbitrary-file-upload-via-plugin-installation