News

The Hacker News15h
Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install
Critical WordPress flaw CVE-2025-5394 lets attackers take over sites using the "Alone" theme. 120K+ attempts blocked.
PC World12y
Hacker publishes alleged zero-day exploit for older Plesk versions
The hacker claims the exploit was successfully tested against Plesk 9.5.4, Plesk 9.3, Plesk 9.2, Plesk 9.0 and Plesk 8.6 used in combination with the Apache Web server software on 32-bit and 64 ...
Hackers actively exploit critical RCE in WordPress Alone theme
Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme ...
Bleeping Computer1y
Hackers exploit critical RCE flaw in Bricks WordPress site builder
The security issue is due to an eval function call in the ‘prepare_query_vars_from_settings’ function, which could allow an unauthenticated user to exploit it to execute arbitrary PHP code.