226 matches found
CVE-2024-3998
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-2694
The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
CVE-2024-2694
The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
CVE-2024-2694 Betheme <= 27.5.6 - Authenticated (Contributor+) PHP Object Injection
The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
CVE-2024-2694
CVE-2024-2694 affects Betheme (WordPress theme). It allows PHP Object Injection via deserialization of untrusted input stored in the mfn-page-items post meta, impacting all versions up to 27.5.6. Exploitation requires authentication at contributor level or higher. The description notes that there...
CVE-2024-2694 Betheme <= 27.5.6 - Authenticated (Contributor+) PHP Object Injection
The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
CVE-2024-3998
CVE-2024-3998 (Betheme theme, WordPress) involves a Stored Cross-Site Scripting in Betheme up to version 27.5.6. The issue arises from insufficient input sanitization and output escaping on user-supplied shortcode attributes, enabling an authenticated attacker with contributor-level access or hig...
CVE-2024-3998 Betheme | Responsive Multipurpose WordPress & WooCommerce Theme <= 27.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-3998 Betheme | Responsive Multipurpose WordPress & WooCommerce Theme <= 27.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Betheme theme <= 27.5.6 - Authenticated (Contributor+) PHP Object Injection vulnerability
Authenticated Contributor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Theme Betheme versions = 27.5.6...
WordPress Betheme theme <= 27.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Foxyyy in WordPress Theme Betheme versions = 27.5.6...
WordPress plugin Betheme 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Betheme Theme <= 27.5.6 is vulnerable to Cross Site Scripting (XSS)
Software Betheme Type Theme Vulnerable versions = 27.5.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3998 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a7af99e6040a Credits Foxyyy Required privilege...
WordPress plugin Betheme 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
WordPress Betheme Theme <= 27.5.6 is vulnerable to PHP Object Injection
Software Betheme Type Theme Vulnerable versions = 27.5.6 Fixed in 27.5.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2694 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 8e134812d3a9 Credits Francesco Carlucci Required privilege...
PT-2024-28756 · WordPress · Betheme
Name of the Vulnerable Software and Affected Versions: Betheme theme for WordPress versions up to, and including, 27.5.6 Description: The issue is a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping on user-supplied attributes in several of the...
PT-2024-21587 · WordPress · Betheme
Name of the Vulnerable Software and Affected Versions: Betheme theme for WordPress versions up to, and including, 27.5.6 Description: The issue is related to PHP Object Injection via deserialization of untrusted input of the mfn-page-items post meta value. This allows authenticated attackers with...
CVE-2023-39998
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 27.1.1...
CVE-2023-39998
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 27.1.1...
CVE-2023-47770
Missing Authorization vulnerability in Muffin Group Betheme.This issue affects Betheme: from n/a through 27.1.1...