Date: April 28, 2020
WordPress sites running on OneTone theme are actively targeted by hackers. To exploit a vulnerability that allows them to read and write cookies to the site and create backdoor admin accounts.
The campaign has been going on since the beginning of the month and is still running.
The vulnerability is a cross-site scripting (XSS) bug in the OneTone theme. A popular but deprecated WordPress theme developed by Magee WP, available both in free and paid versions.Safety Problem Left Unfixed
The XSS vulnerability enables an attacker to inject malicious code within settings of the theme. The bug was discovered in
World of WordPress is hosted by:
While others try to add more components to their hosting to make it go faster, we decided to build our hosting cloud fast from the ground up. We did so by stripping out everything we knew was deadweight.