- The Charity Multipurpose Non-profit WordPress theme has a flaw rated 9.8/10
- The bug allows criminals to create rogue administrator accounts
- More than 120,000 takeover attempts have already been blocked
The "Charity Multipurpose Non-profit WordPress Theme", a commercial theme used on many WordPress websites, contained a critical vulnerability that allowed threat actors to take over a website completely, experts have warned.
The theme, designed for charities, NGOs and fundraising campaigns, ships with more than 40 ready-to-use demos, donation integration, and compatibility with Elementor and WPBakery.
According to Themetix, around 200 active WordPress sites are running this theme today.
Ongoing attacks
Wordfence researchers say that exploitation began on July 12, two days before the vulnerability was publicly disclosed. So far, the company has blocked more than 120,000 exploitation attempts from almost a dozen different IP addresses.
In the attacks, threat actors try to upload a ZIP file containing a PHP-based backdoor that gives them remote code execution capabilities, as well as the ability to upload arbitrary files. The attackers have also used the flaw to deliver backdoors that can create additional administrator accounts.
All versions up to 7.8.3 contained a vulnerability that allowed threat actors to upload arbitrary files, including malware that can create administrator accounts. In this way, criminals can take over websites and use them to host other malware, redirect visitors to other malicious pages, host phishing landing pages, and more.
The vulnerability is now tracked as CVE-2025-4394 and has a severity score of 9.8/10 (critical). It was addressed in version 7.8.5, which was released on June 16, 2025. If you are using this theme, update it as soon as possible, since the bug is being actively exploited in the wild.
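For site owners triaging exposure, the following is an added example (not code from Wordfence or the theme vendor) that reads the `Version` header from a theme's `style.css`, compares it with the patched release 7.8.5, and flags loose PHP files and ZIP archives containing PHP under a directory that should not hold executable code. The function names, the sample header, and the choice of directory to scan (for instance an uploads folder) are assumptions, not details from the article.

```python
import io
import re
import zipfile
from pathlib import Path

FIXED_VERSION = (7, 8, 5)  # patched release named in the article
PHP_EXT = (".php", ".phtml", ".phar")
# Constructed sample of a WordPress theme header, for illustration only.
SAMPLE_STYLE_CSS = "/*\nTheme Name: Example\nVersion: 7.8.3\n*/"


def theme_version(style_css: str):
    """Return the Version header of a theme's style.css as a tuple, or None."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9]+(?:\.[0-9]+)*)", style_css, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def needs_update(version) -> bool:
    """True when the version is unknown or older than the patched release."""
    if version is None:
        return True
    width = max(len(version), len(FIXED_VERSION))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(FIXED_VERSION)


def php_in_zip(data: bytes):
    """List PHP-like member names inside a ZIP archive; [] if not a valid ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(PHP_EXT)]
    except zipfile.BadZipFile:
        return []


def scan_tree(root):
    """Map each suspicious path under root to the reason it was flagged."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        name = path.name.lower()
        if name.endswith(PHP_EXT):
            findings[str(path)] = "loose PHP file"
        elif name.endswith(".zip"):
            members = php_in_zip(path.read_bytes())
            if members:
                findings[str(path)] = "ZIP containing " + ", ".join(members)
    return findings
```

Any hit from `scan_tree` is a lead to review, not proof of compromise; pair it with a check of recently created administrator accounts.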
WordPress is generally considered a secure website-building platform, but third-party themes and plugins are not always so. That is why security professionals advise WordPress users to keep only the plugins and themes they actively use, and to make sure they are always up to date.
Via The Hacker News