Deothemes Ona vulnerabilities
2 known vulnerabilities affecting deothemes/ona.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-32482P2CRITICALCVSS 9.9≥ n/a, ≤ < 1.242026-03-25
CVE-2026-32482 [CRITICAL] CWE-434 CVE-2026-32482: Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a W
Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a Web Shell to a Web Server.This issue affects Ona: from n/a through < 1.24.
nvd
CVE-2026-6812P4MEDIUMCVSS 4.4≤ 1.262026-05-02
CVE-2026-6812 [MEDIUM] CWE-918 CVE-2026-6812: The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and
The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the ona_activate_child_theme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and
nvd