CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added yesterday•4 views

CVE-2026-6261

The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the uploadicons function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file types. This makes it...

8.8CVSS6.4AI score0.00264EPSS

Patchstack•added 2026/05/06 2:14 p.m.•7 views

WordPress Betheme theme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution vulnerability

Authenticated Author+ Arbitrary File Upload to Remote Code Execution vulnerability discovered by Wordfence in WordPress Theme Betheme versions = 28.4...

8.8CVSS5.9AI score0.00264EPSS

Exploits0References1Affected Software1

EUVD•added 2026/05/05 12:31 p.m.•5 views

EUVD-2026-27301

EUVD•added 2026/05/05 12:31 p.m.•0 views

EUVD-2026-27303

NVD•added 2026/05/05 12:16 p.m.•9 views

CVE-2026-6261

8.8CVSS0.00264EPSS

NVD•added 2026/05/05 12:16 p.m.•2 views

CVE-2026-6262

6.5CVSS0.0007EPSS

Vulnrichment•added 2026/05/05 11:25 a.m.•1 views

CVE-2026-6261 Betheme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution via Icon Pack Upload

Cvelist•added 2026/05/05 11:25 a.m.•28 views

CVE-2026-6261 Betheme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution via Icon Pack Upload

8.8CVSS0.00264EPSS

CVE•added 2026/05/05 11:25 a.m.•5 views

CVE-2026-6261

The Betheme theme for WordPress (up to version 28.4) is vulnerable to Arbitrary File Upload via the upload_icons workflow. The root cause is that user-controlled ZIPs are moved and unzip’ed into a public uploads directory without validating extracted file types. Authenticated attackers with autho...

ATTACKERKB•added 2026/05/05 11:25 a.m.•2 views

CVE-2026-6261

Cvelist•added 2026/05/05 11:24 a.m.•26 views

CVE-2026-6262 Betheme <= 28.4 - Authenticated (Contributor+) Arbitrary File Deletion via 'mfn-icon-upload'

6.5CVSS0.0007EPSS

Vulnrichment•added 2026/05/05 11:24 a.m.•1 views

CVE-2026-6262 Betheme <= 28.4 - Authenticated (Contributor+) Arbitrary File Deletion via 'mfn-icon-upload'

ATTACKERKB•added 2026/05/05 11:24 a.m.•1 views

CVE-2026-6262

CVE•added 2026/05/05 11:24 a.m.•5 views

CVE-2026-6262

CVE-2026-6262 affects the Betheme theme for WordPress. The vulnerability arises in the upload_icons() workflow which uses a user-controlled path (mfn-icon-upload) in a filesystem move, not restricting to the uploads directory, enabling arbitrary file deletion via path traversal. Affected: Betheme...

CNNVD•added 2026/05/05 12:0 a.m.•2 views

WordPress plugin Betheme 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

8.8CVSS6.2AI score0.00264EPSS

Positive Technologies•added 2026/05/05 12:0 a.m.•4 views

PT-2026-37030

Name of the Vulnerable Software and Affected Versions Betheme versions prior to 28.5 Description The Betheme theme for WordPress allows authenticated attackers with author-level access or higher to upload arbitrary files, including PHP scripts. This occurs because the upload icons function moves...

Positive Technologies•added 2026/05/05 12:0 a.m.•5 views

Exploits0References5

PT-2026-37031

The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 28.4. This is due to the upload icons function workflow using a user-controlled upload path mfn-icon-upload in a filesystem move operation without constraining it to the uploads directory...

CNNVD•added 2026/05/05 12:0 a.m.•3 views

WordPress plugin Betheme 路径遍历漏洞

6.5CVSS5.8AI score0.0007EPSS