Date: 2020-04-29
According to a report by ZDNet, hackers are actively targeting WordPress sites running the OneTone theme to exploit a vulnerability that allows them to read and write site cookies and create backdoor admin accounts. The campaign has been running since the start of the month and is still underway. The vulnerability is a cross-site scripting (XSS) bug in OneTone, a popular but now deprecated WordPress theme developed by Magee WP, available in both free and paid versions. The XSS vulnerability allows an attacker to inject malicious code inside the theme’s settings.
EXPERTS COMMENTS
Stuart Sharp, VP of Solution Engineering, OneLogin
April 29, 2020
Considering that over 75 million sites use WordPress, it's not surprising that it's a prime target for hackers searching out vulnerabilities. At the moment, bad actors are targeting sites running the OneTone theme to exploit a vulnerability that allows them to create backdoor admin accounts or inject malicious code inside the theme's settings. Organisations running multiple WordPress sites should prioritise work based on a risk assessment of the services offered by each exposed website, e.g. payment processing, authentication credentials and PII data. Keeping on top of security alerts and taking timely action in response to published vulnerabilities is vital. In addition, Multi-Factor Authentication (MFA) should be enforced across all applications to reduce the impact of attacks like this, particularly for administrator access.
Hugo Van den Toorn, Manager, Offensive Security, Outpost24
April 29, 2020
This vulnerability emphasises the importance of understanding what components your web applications are using. Although often deemed a tedious job to keep track of all components, this is a good example of how 'forgotten' components become obsolete security issues. With a plethora of useful themes, web components and libraries we often rely on third-parties. This might unknowingly cause dependency issues or, as with this case, result in serious vulnerabilities in our web applications. Although it is good to 'stand on the shoulder of giants' and use templates, themes, plugins built and proven by others, you should also ensure to pick a trustworthy and reputable giant to stand on.
