3 matches found
CVE-2022-3747
The BeCustom WordPress plugin (BeTheme BeCustom) up to version 1.0.5.2 is vulnerable to Cross-Site Request Forgery due to missing nonce validation when saving settings. This allows unauthenticated attackers to modify settings (e.g., betheme_url_slug, replaced_theme_author, betheme_label) via forg...
WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery Vulnerability
ADVISORY INFORMATION ======================= Product: BeCustom Wordpress Plugin Vendor URL: https://muffingroup.com/betheme/features/be-custom/ Type: Cross-Site Request Forgery CWE-253 Date found: 2021-10-28 Date published: 2022-11-10 CVSSv3 Score: 5.7...
WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: BeCustom Wordpress Plugin Vendor URL: https://muffingroup.com/betheme/features/be-custom/ Type: Cross-Site Request Forgery CWE-253 Date found: 2021-10-28 Date published: 2022-11-10 CVSSv3...