CVE-2026-6812 | deothemes Ona Plugin up to 1.26 on WordPress ona_activate_child_theme server-side request forgery

May 2, 2026 Yanac

A vulnerability labeled as critical has been found in deothemes Ona Plugin up to 1.26 on WordPress. This issue affects the function ona_activate_child_theme. The manipulation results in server-side request forgery.

This vulnerability is cataloged as CVE-2026-6812. The attack may be launched remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More