CVE-2025-52718
BaseFortify
Publication date: 2025-07-04
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52718 is a high-priority Arbitrary Code Execution vulnerability in the WordPress Alone Theme (versions up to 7.8.2). It allows unauthenticated attackers to remotely execute malicious code on affected websites by exploiting improper control of code generation, classified as a Code Injection issue. This means attackers can run harmful code on your site without needing any permissions. [1]
How can this vulnerability impact me?
This vulnerability can allow attackers to remotely execute arbitrary code on your website without authentication, potentially leading to unauthorized control over your site, data breaches, defacement, or further exploitation. It poses a significant security risk due to its ease of exploitation and severity. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for signs of remote code execution attempts targeting the WordPress Alone Theme up to version 7.8.2. Since the vulnerability allows unauthenticated remote code inclusion, network intrusion detection systems (IDS) or web application firewalls (WAF) can be configured to look for suspicious HTTP requests attempting code injection patterns. Additionally, server-side malware scanning is recommended for compromised systems, as plugin-based scanners may be unreliable due to potential tampering by malware. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the virtual patch (vPatch) provided by Patchstack, which blocks attacks targeting this vulnerability until the official fixed version is applied. Users should update the WordPress Alone Theme to version 7.8.5 or later as soon as possible to fully resolve the issue. In case of suspected compromise, professional incident response and server-side malware scanning are recommended. [1]