Hackers Create Security Flaws on WordPress Sites Using OneTone Theme

Hackers Create Security Flaws on WordPress Sites Using OneTone Theme

Author: ZoneWP

Date: April 28, 2020 

Category: Plugin development, SEO, Security, Tips and tricks, Tutorials, Webhosting

(advertorial)

wprssaggregator Hackers Create Security Flaws on WordPress Sites Using OneTone Theme

WordPress sites running on OneTone theme are actively targeted by hackers. To exploit a vulnerability that allows them to read and write cookies to the site and create backdoor admin accounts.

The campaign has been going on since the beginning of the month and is still running.

The vulnerability is a cross-site scripting (XSS) bug in the OneTone theme. A popular but deprecated WordPress theme developed by Magee WP, available both in free and paid versions.

Safety Problem Left Unfixed

The XSS vulnerability enables an attacker to inject malicious code within settings of the theme. The bug was discovered in

This is the first part of the original article by ZoneWP.
Click here to read the full article in a new tab!

(advertorial)

toolset logo tag line white Hackers Create Security Flaws on WordPress Sites Using OneTone Theme

Next post:


Hackers Create Security Flaws on WordPress Sites Using OneTone Theme

World of WordPress is hosted by:

Servebolt: next level high performance hosting.

While others try to add more components to their hosting to make it go faster, we decided to build our hosting cloud fast from the ground up. We did so by stripping out everything we knew was deadweight.