Critical zero-day vulnerability in WordPress “Alone” theme is being actively exploited in the wild.

A critical zero-day vulnerability (CVE-2025-5394) in the widely used "Alone – Charity Multipurpose Non-profit WordPress Theme" is being actively exploited in the wild, putting thousands of WordPress sites at significant risk. The flaw lets unauthenticated attackers remotely upload arbitrary files and achieve full remote code execution (RCE), often resulting in complete site compromise.

Popular WordPress plugin Gravity Forms compromised in supply-chain attack.

The popular WordPress plugin Gravity Forms has been compromised in a supply-chain attack. For a brief window in July 2025, attackers managed to plant a backdoor in the manual installer packages available for download from the official Gravity Forms website. The incident affected only manual downloads and Composer installations; automatic updates and installations performed through the built-in plugin updater were not affected.

Multiple critical vulnerabilities found in Forminator WordPress plugin could impact up to 600,000 websites.

A series of critical vulnerabilities has been discovered in the popular Forminator WordPress plugin, which is used by hundreds of thousands of websites to create contact forms, payment forms, and other interactive elements. These vulnerabilities have put more than 400,000, and as many as 600,000, WordPress websites at risk of remote takeover and other severe attacks.