CVE-2019-17230

MEDIUM EXPLOITED NUCLEI

OneTone <3.0.6 - Unauthenticated Options Change

Title source: llm

Description

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes.

Nuclei Templates (1)

WordPress OneTone theme <= 3.0.6 – Unauthenticated Options Changes
MEDIUMVERIFIEDby daffainfo

References (1)

Scores

CVSS v3 5.3
EPSS 0.0752
EPSS Percentile 91.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

VulnCheck KEV 2020-04-15
Status published
Products (1)
mageewp/onetone < 3.0.6
Published Apr 03, 2020
Tracked Since Feb 18, 2026