We just got hacked and we were notified of a vulnerability with the theme (and they since got into the code and confirmed you guys were hacked). Please advise asap!
We are writing you today to notify you about a security vulnerability which was discovered in the Newspaper-x theme that was detected on one or more of your websites.
This theme is affected by an unauthenticated function injection issue which due to the lack of capability and CSRF nonce checks in AJAX actions.
This affects versions prior to 1.3.2.
We recommend updating this theme immediately to the latest version.
The following is a list of affected sites we have determined that you currently have access to in MyKinsta.
This vulnerability may exist on both live and staging environments. We recommend that both are checked and updated.
If you have any questions, please feel free to reach out to our Support team.
Thank you for being a Kinsta customer!