Impact
The vulnerability is an improper control of code generation (CWE-94) that allows code injection within the Alone theme. An attacker who is able to send crafted input through the theme can execute arbitrary server-side code, potentially compromising the entire WordPress installation and the underlying server. The entry describes the issue only as a code injection flaw and gives no further attack-model details, but the nature of the flaw indicates that execution of malicious code is possible.
Affected Systems
Beplusthemes Alone theme versions from the earliest available release through version 7.8.3 are affected. Administrators running the theme should compare their installed version against this range.
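One way to run that version check, as an added example that is not part of the OpenCVE entry or the theme's own code: it reads the `Version` field from a theme's `style.css` header and compares it with 7.8.3. The `Theme Name` value `Alone`, the status labels and the sample headers are assumptions constructed for illustration.

```python
import re

LAST_AFFECTED = (7, 8, 3)  # from the entry: every release through 7.8.3

def parse_header(css_text):
    """Collect 'Key: value' fields from the style.css header comment.
    WordPress itself only reads the first 8 KB of the file for these."""
    fields = {}
    for line in css_text[:8192].splitlines():
        m = re.match(r"^[\s*/]*([A-Za-z ]+?)\s*:\s*(.+?)\s*(?:\*/)?\s*$", line)
        if m:
            fields.setdefault(m.group(1).lower(), m.group(2))
    return fields

def version_tuple(text):
    """'7.8' -> (7, 8, 0); None when the string has no leading number."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def assess(css_text):
    """Return (status, detail) for one theme's style.css contents."""
    h = parse_header(css_text)
    if "template" in h:
        # Child themes carry their own version; the parent is what matters.
        return ("check-parent", h["template"])
    # Assumption: the theme identifies itself as "Alone" in Theme Name.
    if "alone" not in h.get("theme name", "").lower():
        return ("other-theme", h.get("theme name", ""))
    ver = version_tuple(h.get("version", ""))
    if ver is None:
        return ("unknown-version", h.get("version", ""))
    return ("affected" if ver <= LAST_AFFECTED else "outside-range", h["version"])

# Constructed sample headers, not taken from real installations.
SAMPLES = {
    "in range": "/*\nTheme Name: Alone\nVersion: 7.8.3\n*/",
    "short version": "/*\n * Theme Name: Alone\n * Version: 7.8\n */",
    "above range": "/*\nTheme Name: Alone\nVersion: 7.8.3.1\n*/",
    "child": "/*\nTheme Name: Alone Child\nTemplate: alone\nVersion: 1.0\n*/",
    "no version": "/*\nTheme Name: Alone\n*/",
}

if __name__ == "__main__":
    for label, css in SAMPLES.items():
        print(label, assess(css))
```

To check a real site, pass the contents of the installed theme's `style.css` to `assess()`; a `check-parent` result means the named parent theme's own `style.css` is the file to inspect.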
Risk and Exploitability
The CVSS score of 10 highlights the flaw as critical, yet the EPSS score of less than 1% indicates a very low likelihood of immediate exploitation in the wild. The vulnerability is not listed in CISA KEV. Because the description does not specify a particular precondition, one can infer that the exploit may be triggered via a crafted HTTP request to the theme’s functionality, though no direct attack vector is documented. The combination of high severity and low exploit probability suggests a moderate overall risk, but given the potential impact, the flaw warrants swift remediation.
OpenCVE Enrichment