Skip to main content

Ona

1 CVEs product

Monthly

CVE-2026-32482 CRITICAL PATCH Act Now

An unrestricted file upload vulnerability exists in the deothemes Ona WordPress theme that allows attackers to upload web shells to affected servers. All versions of Ona prior to 1.24 are vulnerable, enabling remote code execution through malicious file uploads. This vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) and represents a critical risk for any WordPress installation using the affected theme versions.

File Upload Ona
NVD VulDB
CVSS 3.1
9.9
EPSS
0.0%
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

An unrestricted file upload vulnerability exists in the deothemes Ona WordPress theme that allows attackers to upload web shells to affected servers. All versions of Ona prior to 1.24 are vulnerable, enabling remote code execution through malicious file uploads. This vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) and represents a critical risk for any WordPress installation using the affected theme versions.

File Upload Ona
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy