CVE-2025-5393
BaseFortify
Publication date: 2025-07-15
Last updated on: 2026-04-08
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| alone | charity_multipurpose_non-profit_wordpress_theme | 7.8.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can allow attackers to delete important files on your server without authentication. This can disrupt your website's functionality and potentially allow attackers to execute remote code, leading to full compromise of your server and data.
Can you explain this vulnerability to me?
This vulnerability exists in the Alone β Charity Multipurpose Non-profit WordPress Theme up to version 7.8.3. It is caused by insufficient file path validation in the alone_import_pack_restore_data() function, allowing unauthenticated attackers to delete arbitrary files on the server. This can lead to serious consequences such as remote code execution if critical files like wp-config.php are deleted.