
WARNING: OneTone WordPress Theme Vulnerability Leaves Your Site Open to Hijacking (XSS)

OneTone is one of the most popular themes for WordPress and is known to be compatible with any website project. It can be used for personal and business sites. The theme can be used alongside Elementor to build pages, as well as WooCommerce and Contact Form 7.


The vulnerability is a cross-site scripting (XSS) flaw discovered by NinTechNet's Jerome Bruandet last year and reported to WordPress and the author of the theme. The OneTone theme, with over 20,000 active installs, has an unauthenticated vulnerability in its import settings which could lead to a lot of stored XSS or a backdoor for hackers in version 3.0.6 or lower.

Because the flaw is unauthenticated, a hacker can inject JavaScript code into all posts on the website.
Hackers can use this same technique to target website admins when they log in to the admin panel, in order to gain access.

The OneTone author has not released a patch since this vulnerability was reported, so it is advised to remove the theme from your WordPress website, or to use a WP firewall or the NinjaFirewall plugin to help protect your site from such attacks.
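To find out whether a site still carries an affected copy, the check below reads the header of each installed theme's `style.css` and flags OneTone at version 3.0.6 or lower. It is an added example, not code from the original post or from the theme; the `onetone` directory and theme name and the sample tree (including the 3.0.10 version string) are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (3, 0, 6)  # from the advisory: version 3.0.6 or lower
HEADER = r"^[ \t/*#@]*{}:\s*(.+?)\s*$"  # one "Key: value" line of the style.css header

def header(text, key):
    m = re.search(HEADER.format(re.escape(key)), text, re.I | re.M)
    return m.group(1) if m else None

def parse_version(text):
    """Version from the style.css header as a tuple of ints, or None if absent/odd."""
    raw = header(text, "Version")
    if not raw or not re.fullmatch(r"\d+(\.\d+)*", raw):
        return None
    return tuple(int(p) for p in raw.split("."))

def is_affected(version):
    """Numeric comparison (so 3.0.10 > 3.0.6); an unreadable version counts as affected."""
    if version is None:
        return True
    width = max(len(version), len(LAST_AFFECTED))
    pad = lambda v: tuple(v) + (0,) * (width - len(v))
    return pad(version) <= pad(LAST_AFFECTED)

def audit(themes_dir, slug="onetone"):
    """Return (directory, version, affected) per copy; the slug is an assumed name."""
    found = []
    for css in Path(themes_dir).glob("*/style.css"):
        text = css.read_text(encoding="utf-8", errors="replace")[:8192]
        name = (header(text, "Theme Name") or "").lower()
        if slug in css.parent.name.lower() or slug in name:
            version = parse_version(text)
            found.append((css.parent.name, version, is_affected(version)))
    return sorted(found)

def demo():
    """Run the audit over a constructed wp-content/themes tree (sample data only)."""
    samples = {"onetone": "3.0.6", "onetone-copy": "3.0.10", "other-theme": "1.0"}
    with tempfile.TemporaryDirectory() as tmp:
        for folder, ver in samples.items():
            Path(tmp, folder).mkdir()
            Path(tmp, folder, "style.css").write_text(f"/*\nTheme Name: {folder}\nVersion: {ver}\n*/\n")
        return audit(tmp)

if __name__ == "__main__":
    for folder, version, affected in demo():
        print(folder, version, "AFFECTED" if affected else "ok")
```

On a real server, call `audit()` with the path to `wp-content/themes`; a copy whose version cannot be read is reported as affected so that it gets a manual look.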
