10 matches found
CVE-2026-6812
The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the onaactivatechildtheme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...
CVE-2026-6812
The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the onaactivatechildtheme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...
CVE-2026-6812
The CVE-2026-6812 entry concerns the Ona theme for WordPress. A Server-Side Request Forgery (SSRF) is possible in all versions up to and including 1.26 via ona_activate_child_theme, enabling authenticated attackers with administrator-level access to make outbound requests from the web application...
CVE-2026-6812 Ona <= 1.26 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'download_link' Parameter
The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the onaactivatechildtheme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...
CVE-2026-6812 Ona <= 1.26 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'download_link' Parameter
The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the onaactivatechildtheme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...
EUVD-2026-26747
The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the onaactivatechildtheme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...
CVE-2026-32482 WordPress Ona theme < 1.24 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a Web Shell to a Web Server.This issue affects Ona: from n/a through 1.24...
CVE-2026-32482
CVE-2026-32482 affects WordPress Ona theme versions prior to 1.24. The issue is Unrestricted Upload of File with Dangerous Type, allowing an attacker to upload a web shell to the web server via the Ona plugin/theme. Relevant sources report a high-severity CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR...
WordPress Ona theme < 1.24 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Phat RiO in WordPress Theme Ona versions 1.24...
WordPress Ona Theme < 1.18.3 is vulnerable to Cross Site Scripting (XSS)
Software Ona Type Theme Vulnerable versions 1.18.3 Fixed in 1.18.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2d8e2d709222 Credits Rafie Muhammad Patchstack Required privilege...