Flaw in defunct WordPress plugin exploited to create backdoor

A vulnerability in the defunct OneTone WordPress theme plugin is being exploited to compromise entire sites while installing backdoor admin accounts.
This post appeared first on Naked Security Blog by Sophos
Author: John E Dunn