Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug.