• I have a problem with the OneTone theme: when I'm making changes in the theme, after 5-30 minutes the theme automatically restores the defaults. I even installed a fresh WordPress and reinstalled the OneTone theme.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The WordPress OneTone theme, which has 20,000+ active installations, is prone to an unauthenticated settings import vulnerability that could lead to multiple stored XSS in version 3.0.6 and below. The issue was reported to the www.remarpro.com theme team on September 11, 2019 and the theme was permanently removed from the repo on October 10, 2019.

    Thread Starter neycza

    (@neycza)

    Thank you for your reply

    FYI, besides the import vulnerability there are also two more unauthenticated AJAX endpoints in the free version of the theme:

    onetone_otpions_restore (no typo) – delete all current settings

    onetone_create_frontpage – reset frontpage settings to default

    No data can be inserted via those two but they allow some vandalism.

    More problems are in the pro version, but no discussion about those due to forum rules.

  • The topic ‘Theme automatically restoring defaults’ is closed to new replies.
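
As an added example (not part of the thread and not the theme's own code): a must-use plugin that refuses the two AJAX actions named in the last reply unless the caller is logged in and holds `edit_theme_options`. It assumes the theme registers its handlers on the standard `wp_ajax_` / `wp_ajax_nopriv_` hooks at the default priority; the file name and the `onetone_guard_*` names are hypothetical.

```php
<?php
/**
 * Added example (not the theme's code): virtual patch for the two OneTone
 * AJAX actions named in this thread. Save as a must-use plugin, e.g.
 * wp-content/mu-plugins/onetone-ajax-guard.php (hypothetical file name).
 *
 * Assumption: the theme registers its handlers on the standard
 * wp_ajax_{action} / wp_ajax_nopriv_{action} hooks at default priority 10.
 */

defined( 'ABSPATH' ) || exit;

// Action names exactly as given in the thread ("otpions" is the theme's spelling).
const ONETONE_GUARDED_ACTIONS = array(
    'onetone_otpions_restore',
    'onetone_create_frontpage',
);

/**
 * Stop the request before the theme's handler runs unless the caller is
 * a logged-in user who is allowed to change theme options.
 */
function onetone_guard_block_request() {
    if ( is_user_logged_in() && current_user_can( 'edit_theme_options' ) ) {
        return; // Legitimate admin use: let the theme's handler run.
    }

    // Leave a trace for incident review (written to the PHP error log).
    error_log( sprintf(
        'onetone-ajax-guard: blocked hook=%s ip=%s',
        current_action(),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );

    wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
}

foreach ( ONETONE_GUARDED_ACTIONS as $action ) {
    // Priority 0 runs ahead of handlers hooked at the default priority.
    add_action( 'wp_ajax_' . $action, 'onetone_guard_block_request', 0 );
    add_action( 'wp_ajax_nopriv_' . $action, 'onetone_guard_block_request', 0 );
}
```

This guard adds no nonce check and does not cover the settings import issue from the first reply, because the thread does not name that action. Blocked requests in the error log that line up with the times the settings reverted are worth correlating when investigating a site showing the symptom from the opening post.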