Bleeping Computer

Hackers actively exploit critical RCE in WordPress Alone theme

Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme 'Alone,' to achieve remote code execution and perform a full site takeover.