Hackers have begun to actively target WordPress sites running the OneTone theme in an effort to exploit a vulnerability that gives them the ability to read and write cookies as well as create backdoor admin accounts.
With cross site scripting, an attacker can inject code into a website that has a harmful effect on the victims computer when the victim accesses the corresponding website. Themes are particularly popular here because it doesn’t matter which specific website the victim accesses, since the malicious code is usually embedded in elements that are displayed on every page under the entire domain.
The vulnerabilities in OneTone were discovered last September. WordPress removed the theme from the official theme catalog of its website in October. Since the developer did not respond to attempts by various security companies to contact, the details of the attack have now been made public. All WordPress users who use this theme should switch to a different layout as soon as possible to protect their visitors. Even if every developer wants to minimize errors and use secure coding principles, security gaps will inevitably arise. The task is therefore to find ways to minimize the weak points.
The Malicious Code Is Almost Always Executed
Several security companies are now observing that attacks on websites with this theme have been increasing rapidly for a week. If you use a premium theme, you should definitely check whether there is an update. If you use a free theme, you will mostly only be able to hope for good news. Most of all, plugins are affected. The good thing is that plugins are usually reliably updated. This affects all the big plugins, of which several are also affected.
Only Use Plugins That You Really Need
Delete all plugins and themes that you don’t need. A simple deactivation is not enough for protection. The new themes come without plugins. Take advantage of this and do not try to add unnecessary functions through plugins.
