Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45353 | 1 Muffingroup | 1 Betheme | 2023-01-24 | N/A | 8.1 HIGH |
Broken Access Control in Betheme theme <= 26.6.1 on WordPress. | |||||
CVE-2022-3861 | 1 Muffingroup | 1 Betheme | 2022-11-30 | N/A | 8.8 HIGH |
The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers with contributor-level permissions and above to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc. | |||||
CVE-2022-45363 | 1 Muffingroup | 1 Betheme | 2022-11-28 | N/A | 5.4 MEDIUM |
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress. | |||||
CVE-2022-45077 | 1 Muffingroup | 1 Betheme | 2022-11-18 | N/A | 8.8 HIGH |
Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress. | |||||