CVE-2025-52718 – WordPress Alone <= 7.8.2 - Arbitrary Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2025-52718

01 Jul 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Remote Code Inclusion. This issue affects Alone: from n/a through 7.8.2. The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.8.2. This makes it possible for unauthenticated attackers to execute code on the server. CVE-2025-54019 may be a duplicate of this issue, it is unclear how there may be any differe... • https://patchstack.com/database/wordpress/theme/alone/vulnerability/wordpress-alone-7-8-2-arbitrary-code-execution-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •