Lucene search
K

226 matches found

NVD
NVD
added 2024/08/30 5:15 a.m.17 views

CVE-2024-3998

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00248EPSS
Exploits0References2
NVD
NVD
added 2024/08/30 5:15 a.m.24 views

CVE-2024-2694

The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

8.8CVSS0.00623EPSS
Exploits0References2
OSV
OSV
added 2024/08/30 5:15 a.m.5 views

CVE-2024-2694

The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

8.8CVSS6AI score0.00623EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/30 4:29 a.m.18 views

CVE-2024-2694 Betheme <= 27.5.6 - Authenticated (Contributor+) PHP Object Injection

The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

8.8CVSS8.8AI score0.00623EPSS
Exploits0References2
CVE
CVE
added 2024/08/30 4:29 a.m.65 views

CVE-2024-2694

CVE-2024-2694 affects Betheme (WordPress theme). It allows PHP Object Injection via deserialization of untrusted input stored in the mfn-page-items post meta, impacting all versions up to 27.5.6. Exploitation requires authentication at contributor level or higher. The description notes that there...

8.8CVSS8.8AI score0.00623EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/08/30 4:29 a.m.23 views

CVE-2024-2694 Betheme <= 27.5.6 - Authenticated (Contributor+) PHP Object Injection

The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

8.8CVSS0.00623EPSS
Exploits0References2
CVE
CVE
added 2024/08/30 4:29 a.m.64 views

CVE-2024-3998

CVE-2024-3998 (Betheme theme, WordPress) involves a Stored Cross-Site Scripting in Betheme up to version 27.5.6. The issue arises from insufficient input sanitization and output escaping on user-supplied shortcode attributes, enabling an authenticated attacker with contributor-level access or hig...

6.4CVSS5.6AI score0.00248EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/08/30 4:29 a.m.26 views

CVE-2024-3998 Betheme | Responsive Multipurpose WordPress & WooCommerce Theme <= 27.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00248EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/30 4:29 a.m.15 views

CVE-2024-3998 Betheme | Responsive Multipurpose WordPress & WooCommerce Theme <= 27.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00248EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/08/30 2:48 a.m.4 views

WordPress Betheme theme <= 27.5.6 - Authenticated (Contributor+) PHP Object Injection vulnerability

Authenticated Contributor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Theme Betheme versions = 27.5.6...

8.8CVSS7.3AI score0.00623EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/08/30 2:47 a.m.4 views

WordPress Betheme theme <= 27.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Foxyyy in WordPress Theme Betheme versions = 27.5.6...

6.4CVSS5.8AI score0.00248EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/08/30 12:0 a.m.5 views

WordPress plugin Betheme 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00248EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/08/30 12:0 a.m.11 views

WordPress Betheme Theme <= 27.5.6 is vulnerable to Cross Site Scripting (XSS)

Software Betheme Type Theme Vulnerable versions = 27.5.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3998 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a7af99e6040a Credits Foxyyy Required privilege...

6.4CVSS5.8AI score0.00248EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/08/30 12:0 a.m.5 views

WordPress plugin Betheme 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

8.8CVSS7AI score0.00623EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/08/30 12:0 a.m.17 views

WordPress Betheme Theme <= 27.5.6 is vulnerable to PHP Object Injection

Software Betheme Type Theme Vulnerable versions = 27.5.6 Fixed in 27.5.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2694 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 8e134812d3a9 Credits Francesco Carlucci Required privilege...

8.8CVSS6.8AI score0.00623EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/29 12:0 a.m.7 views

PT-2024-28756 · WordPress · Betheme

Name of the Vulnerable Software and Affected Versions: Betheme theme for WordPress versions up to, and including, 27.5.6 Description: The issue is a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping on user-supplied attributes in several of the...

6.4CVSS6AI score0.00248EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/08/29 12:0 a.m.7 views

PT-2024-21587 · WordPress · Betheme

Name of the Vulnerable Software and Affected Versions: Betheme theme for WordPress versions up to, and including, 27.5.6 Description: The issue is related to PHP Object Injection via deserialization of untrusted input of the mfn-page-items post meta value. This allows authenticated attackers with...

8.8CVSS7.3AI score0.00623EPSS
Exploits0References11
NVD
NVD
added 2024/06/19 1:15 p.m.21 views

CVE-2023-39998

Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 27.1.1...

8.2CVSS0.00372EPSS
Exploits0References1
OSV
OSV
added 2024/06/19 1:15 p.m.15 views

CVE-2023-39998

Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 27.1.1...

7.2CVSS5.8AI score0.00372EPSS
Exploits0References1
OSV
OSV
added 2024/06/19 12:15 p.m.4 views

CVE-2023-47770

Missing Authorization vulnerability in Muffin Group Betheme.This issue affects Betheme: from n/a through 27.1.1...

7.6CVSS5.8AI score0.00289EPSS
Exploits0References1
Rows per page
Query Builder