Code Injection Vulnerability in Bearsthemes Alone Product
CVE-2025-52718

7.2HIGH

Key Information:

Vendor: WordPress
Status: Alone
Vendor: CVE Published:; 4 July 2025

What is CVE-2025-52718?

A vulnerability in the Bearsthemes Alone product allows for remote code inclusion due to improper control over code generation. This issue could lead to unauthorized access and execution of arbitrary code, putting users and their data at risk. The versions affected range from n/a to 7.8.2, making it crucial for users to apply necessary updates and patches to safeguard their systems.

Affected Version(s)

Alone <= 7.8.2

References

https://patchstack.com/database/wordpress/theme/alone/vul...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
Jun 19, 2025

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)