Filtered by vendor Muffingroup
Subscriptions
Filtered by product Betheme
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45363 | 1 Muffingroup | 1 Betheme | 2023-11-07 | 5.4 Medium |
| Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress. | ||||
| CVE-2022-45353 | 1 Muffingroup | 1 Betheme | 2023-11-07 | 8.1 High |
| Broken Access Control in Betheme theme <= 26.6.1 on WordPress. | ||||
| CVE-2022-3861 | 1 Muffingroup | 1 Betheme | 2023-11-07 | 8.8 High |
| The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers, with contributor level permissions and above to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc.. | ||||
| CVE-2023-29101 | 1 Muffingroup | 1 Betheme | 2023-05-16 | 6.1 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingroup Betheme theme <= 26.7.5 versions. | ||||
| CVE-2022-45077 | 1 Muffingroup | 1 Betheme | 2022-11-18 | 8.8 High |
| Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress. | ||||
Page 1 of 1.