46 matches found
WordPress Betheme theme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution vulnerability
Authenticated (Author+) Arbitrary File Upload to Remote Code Execution vulnerability discovered by Wordfence in WordPress Theme Betheme versions <= 28.4...
CVE-2026-6261
The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the uploadicons function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file types. This makes it...
CVE-2026-6262
The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 28.4. This is due to the uploadicons function workflow using a user-controlled upload path mfn-icon-upload in a filesystem move operation without constraining it to the uploads directory. Th...
PT-2026-37030
Name of the Vulnerable Software and Affected Versions: Betheme versions prior to 28.5. Description: The Betheme theme for WordPress allows authenticated attackers with author-level access or higher to upload arbitrary files, including PHP scripts. This occurs because the upload icons function moves...
PT-2026-37031
The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 28.4. This is due to the upload icons function workflow using a user-controlled upload path mfn-icon-upload in a filesystem move operation without constraining it to the uploads directory...
EUVD-2025-33331
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page_title’ parameter in all versions up to, and including, 28.1.6 due to insufficient input sanitization and output escaping of theme breadcrumbs. This makes it possible for authenticated attackers, with...
CVE-2025-9371 Betheme <= 28.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'page_title'
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page_title’ parameter in all versions up to, and including, 28.1.6 due to insufficient input sanitization and output escaping of theme breadcrumbs. This makes it possible for authenticated attackers, with...
WordPress Betheme theme <= 28.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Betheme versions <= 28.2...
EUVD-2024-27640
Malicious code in bioql PyPI...
EUVD-2025-11467
Malicious code in bioql PyPI...
EUVD-2022-48250
Malicious code in bioql PyPI...
EUVD-2022-47998
Malicious code in bioql PyPI...
EUVD-2023-32704
Malicious code in bioql PyPI...
CVE-2025-7399
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via an Elementor display setting in all versions up to, and including, 28.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-7399
CVE-2025-7399 concerns Betheme (WordPress) with a Stored Cross-Site Scripting flaw via an Elementor display setting in Betheme versions
CVE-2025-7399 Betheme <= 28.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via an Elementor display setting in all versions up to, and including, 28.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2024-5567
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, t...
CVE-2024-3998
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...