[German]Currently, an outdated theme (OneTone) and the plugin Real-Time Find and Replace massively endanger the security of WordPress installations. Anyone using these elements must take urgent action – the vulnerabilities are actively exploited.
Advertising
OneTone Theme under attack
WordPress users who use the OneTone theme, which has not been updated for years (there are currently 20,000 installations), should urgently replace it with an alternate thema. The theme contains a cross-site scripting vulnerability, the detailsare disclosed here. This theme allows attackers to inject malicious code via the open tabs of web admins in a WordPress blog. The vulnerability is under attacked in the wild.
Plugin Real-Time Find and Replace
The second problem is the plugin Real-Time Find and Replace, which is used on 100,000 pages. The plugin allows to dynamically exchange text and content during page retrieval. Wordfence has published this report, which points out an XSS vulnerability discovered on April 22, 2020. The developers of the plugin have closed the vulnerability in the released version 4.0.2. Bleeping Computer has an article on the subject here.
