WordPress: Vulnerabilities in OneTone Theme and in Plugin

[German] Currently, an outdated theme (OneTone) and the plugin Real-Time Find and Replace massively endanger the security of WordPress installations. Anyone using these components must take urgent action: the vulnerabilities are being actively exploited.


OneTone Theme under attack

WordPress users who run the OneTone theme, which has not been updated for years (there are currently 20,000 installations), should urgently replace it with an alternative theme. The theme contains a cross-site scripting vulnerability; the details are disclosed here. It allows attackers to inject malicious code through the open browser tabs of administrators of a WordPress blog. The vulnerability is under attack in the wild.

Plugin Real-Time Find and Replace

The second problem is the plugin Real-Time Find and Replace, which is used on 100,000 sites. The plugin allows text and content to be replaced dynamically while a page is being served. Wordfence has published this report, which points out an XSS vulnerability discovered on April 22, 2020. The developers of the plugin have closed the vulnerability in the released version 4.0.2. Bleeping Computer has an article on the subject here.
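Added example, not part of this post nor of either project's own code: a Python check that walks a WordPress install's wp-content tree and flags the OneTone theme if it is installed and the plugin if its file-header version is below the fixed release 4.0.2 named above. The directory slugs real-time-find-and-replace and onetone are assumptions (the usual wordpress.org names), and the sample tree the script builds is constructed for the demonstration.

```python
# Added check: flag the two components the post names, in a WordPress file tree.
import re
import tempfile
from pathlib import Path

FIXED_VERSION = (4, 0, 2)  # release the post says closes the plugin's hole
# Directory slugs are assumptions (the usual wordpress.org names), not from the post.
PLUGIN_DIR = "real-time-find-and-replace"
THEME_DIR = "onetone"


def parse_version(header_text: str):
    """Read the 'Version:' field of a plugin's file header into an int tuple."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", header_text, re.M)
    return tuple(int(p) for p in m.group(1).strip(".").split(".")) if m else None


def plugin_version(wp_root: Path):
    """Installed plugin version, or None when the plugin directory is absent."""
    for php in (wp_root / "wp-content" / "plugins" / PLUGIN_DIR).glob("*.php"):
        version = parse_version(php.read_text(errors="ignore"))
        if version:
            return version
    return None


def check_site(wp_root) -> dict:
    """Return findings: theme installed (active or not) and plugin below 4.0.2."""
    wp_root = Path(wp_root)
    findings = {}
    if (wp_root / "wp-content" / "themes" / THEME_DIR).is_dir():
        findings["onetone_theme_installed"] = True
    version = plugin_version(wp_root)
    if version is not None and version < FIXED_VERSION:
        findings["find_replace_below_fix"] = ".".join(map(str, version))
    return findings


def build_sample_install(plugin_version_str="3.9", with_theme=True) -> Path:
    """Constructed sample tree (not a real site) so the check runs offline."""
    root = Path(tempfile.mkdtemp())
    plugin = root / "wp-content" / "plugins" / PLUGIN_DIR
    plugin.mkdir(parents=True)
    (plugin / f"{PLUGIN_DIR}.php").write_text(
        f"<?php\n/*\nPlugin Name: Real-Time Find and Replace\nVersion: {plugin_version_str}\n*/\n")
    if with_theme:
        (root / "wp-content" / "themes" / THEME_DIR).mkdir(parents=True)
    return root


if __name__ == "__main__":
    print(check_site(build_sample_install()))
```

Presence of the theme directory only shows it is installed; whether it is the active theme is stored in the database, so an installed-but-inactive copy is still reported for removal.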

