Attackers actively exploit critical zero-day in Alone WordPress Theme

A critical zero-day vulnerability (CVE-2025-5394, CVSS 9.8) in the Alone – Charity Multipurpose Non-profit WordPress Theme is being actively exploited by threat actors. The theme has over 9,000 installations.