Description

WordPress Theme OneTone is prone to an unauthenticated Stored Cross-Site Scripting vulnerability in version 3.0.6 and below.

Remediation

Remove the theme from your WordPress installation.

References

Vulnerability Information at wpvulndb.com

Unauthenticated stored XSS vulnerability in WordPress OneTone theme

OneTone Vulnerability Leads to JavaScript Cookie Hijacking

Related Vulnerabilities

WordPress Plugin WooCommerce Product Feed for Google, Facebook, eBay and Many More Cross-Site Scripting (3.1.14)

WordPress Plugin WP-FaceThumb Cross-Site Scripting (1.0)

WordPress Plugin WordPress Form Customizer-CF7 Customizer Cross-Site Scripting (1.6.1)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Cross-Site Scripting (4.1.6)

WordPress Plugin MC4WP:Mailchimp for WordPress Cross-Site Scripting (4.1.6)

Severity

High

Classification

CVE-2019-17230 CVE-2019-17231 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

XSS