- The Alone - Charity Multipurpose Non-profit WordPress theme has a flaw rated 9.8/10
- The bug allows attackers to create rogue admin accounts
- More than 120,000 takeover attempts have already been blocked
Experts have warned that the "Alone - Charity Multipurpose Non-profit WordPress Theme", a commercial theme used on many WordPress websites, has a critical vulnerability that allows threat actors to completely take over the website.
The WordPress theme, designed for charities, NGOs, and fundraising campaigns, features more than 40 pre-built demos, donation integration, and support for Elementor and WPBakery.
According to the Thmetics, around 200 active WordPress sites are running this theme today.
Ongoing attack
Researchers at Wordfence claim that exploitation began on July 12, two days before the vulnerability was disclosed. So far, the company has blocked more than 120,000 exploitation attempts from about a dozen different IP addresses.
In the attacks, the threat actor tries to upload a ZIP archive containing a PHP-based backdoor, which gives them the ability to run code remotely as well as upload arbitrary files. The attackers also used the flaw to deliver backdoors that can create additional admin accounts.
All versions up to 7.8.3 were vulnerable to a flaw that allows threat actors to upload arbitrary files, including malware that can create admin accounts. In this way, attackers can fully take over websites and use them to host other malware, redirect visitors to other malicious pages, serve phishing landing pages, and much more.
The vulnerability is now tracked as CVE-2025-4394, and its severity score is 9.8/10 (critical). It was addressed in version 7.8.5, which was released on June 16, 2025. If you are using this theme, it would be wise to update it as soon as possible, as the bug is being actively exploited in the wild.
WordPress is generally considered a secure website builder platform, but third-party themes and plugins, not so much. This is why security professionals advise WordPress users to keep only the plugins and themes they actively use, and to make sure they are always up to date.
By Hacker news


