All 2 CVE vulnerabilities found in Ona, with AI-generated Chinese analysis, references, and POCs.
Vendor: deothemes
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6812 | Ona <= 1.26 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'download_link' Parameter CWE-918 | 4.4 | Medium | 2026-05-02 |
| CVE-2026-32482 | WordPress Ona theme < 1.24 - Arbitrary File Upload vulnerability CWE-434 | 9.9 | Critical | 2026-03-25 |
All 2 known CVE vulnerabilities affecting Ona with full Chinese analysis, references, and POCs where available.