WordPress OneTone theme <= 3.0.6 – Unauthenticated Options Changes

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes. id: CVE-2019-17230 info: name: WordPress OneTone theme = 3.0.6 – Unauthenticated Options Changes author: daffainfo severity: medium description: | includes/theme-functions.php in...

CVE-2019-17230

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes...

CVE-2019-17230

creationtimestamp| type| source ---|---|--- 2020-04-03 19:28:24+00:00| seen| https://t.me/cibsecurity/10990 2025-09-17 11:33:05+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2019/CVE-2019-17230.yaml 2025-09-18 21:02:25+00:00| seen|...

CVE-2019-17230

The CVE-2019-17230 vulnerability affects WordPress users of the OneTone theme up to version 3.0.6, where the file includes/theme-functions.php allows unauthenticated changes to theme options. This can enable unauthenticated attackers to modify site options (e.g., content or behavior) and is class...