Title: Theme automatically restoring defaults
Last modified: April 13, 2020

---

# Theme automatically restoring defaults

 *  [neycza](https://wordpress.org/support/users/neycza/)
 * (@neycza)
 * [6 years ago](https://wordpress.org/support/topic/theme-automatically-restoring-defaults/)
 * I have a problem with the OneTone theme: when I'm making changes in the theme,
   after 5-30 minutes the theme automatically restores defaults. I even installed
   a fresh WordPress and reinstalled the OneTone theme.

 *  [reklamnet](https://wordpress.org/support/users/reklamnet/)
 * (@reklamnet)
 * [6 years ago](https://wordpress.org/support/topic/theme-automatically-restoring-defaults/#post-12691229)
 * The WordPress OneTone theme, which has 20,000+ active installations, is prone
   to an unauthenticated settings import vulnerability that could lead to multiple
   stored XSS in version 3.0.6 and below. The issue was reported to the
   wordpress.org theme team on September 11, 2019 and the theme was permanently
   removed from the repo on October 10, 2019.
 *  Thread Starter [neycza](https://wordpress.org/support/users/neycza/)
 * (@neycza)
 * [6 years ago](https://wordpress.org/support/topic/theme-automatically-restoring-defaults/#post-12693649)
 * Thank you for your reply
 *  [Ov3rfly](https://wordpress.org/support/users/ov3rfly/)
 * (@ov3rfly)
 * [5 years, 10 months ago](https://wordpress.org/support/topic/theme-automatically-restoring-defaults/#post-12998596)
 * FYI, besides the import vulnerability there are also two more unauthenticated
   ajax endpoints in the free version of the theme:
 * `onetone_otpions_restore` (no typo) – delete all current settings
 * `onetone_create_frontpage` – reset frontpage settings to default
 * No data can be inserted via those two but they allow some vandalism.
 * More problems are in the pro version, but no discussion about those due to forum rules.
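
A temporary server-side guard for the two actions named in the last reply, as an added example that is not code from the theme or from anyone in this thread. It assumes the theme exposes them through WordPress's standard `wp_ajax_{action}` and `wp_ajax_nopriv_{action}` hooks; the file location under `wp-content/mu-plugins/` and the `edit_theme_options` capability check are this example's choices.

```php
<?php
/**
 * Added example: must-use plugin that guards two OneTone AJAX actions
 * until the theme is replaced. Not part of the theme.
 *
 * Assumption: the theme registers its handlers on the standard
 * wp_ajax_{action} / wp_ajax_nopriv_{action} hooks.
 */

defined( 'ABSPATH' ) || exit;

$guarded_actions = array(
    'onetone_otpions_restore',   // spelling exactly as given in the thread
    'onetone_create_frontpage',
);

foreach ( $guarded_actions as $action ) {
    // Logged-out requests: answer 403 and stop before any theme handler runs.
    // PHP_INT_MIN makes this callback the first one on the hook.
    add_action( "wp_ajax_nopriv_{$action}", function () use ( $action ) {
        error_log( sprintf(
            'Blocked unauthenticated AJAX action %s from %s',
            $action,
            $_SERVER['REMOTE_ADDR'] ?? 'unknown'
        ) );
        wp_send_json_error( 'Forbidden', 403 ); // sends the response and exits
    }, PHP_INT_MIN );

    // Logged-in requests: only users allowed to edit theme options pass through
    // to the theme's own handler (capability chosen for this example).
    add_action( "wp_ajax_{$action}", function () {
        if ( ! current_user_can( 'edit_theme_options' ) ) {
            wp_send_json_error( 'Forbidden', 403 );
        }
    }, PHP_INT_MIN );
}
```

The `error_log` entries give a timestamped record to compare against the times the settings were reset.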

The topic ‘Theme automatically restoring defaults’ is closed to new replies.

 * 3 replies
 * 3 participants
 * Last reply from: [Ov3rfly](https://wordpress.org/support/users/ov3rfly/)
 * Last activity: [5 years, 10 months ago](https://wordpress.org/support/topic/theme-automatically-restoring-defaults/#post-12998596)
 * Status: not resolved