Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme 'Alone,' to achieve remote code execution and perform a full site takeover.

Wordfence is reporting the malicious activity, saying it has blocked over 120,000 exploitation attempts targeting its customers.

The WordPress security firm also reports that the attacks started several days before public disclosure of the flaw, indicating that threat actors are monitoring changelogs and patches to discover trivially exploitable issues before alerts are sent to website owners.