3 matches found
CVE-2025-0450
creationtimestamp| type| source ---|---|--- 2025-01-21 11:15:45+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgapzsekyo2b 2025-01-21 11:30:22+00:00| seen| https://infosec.exchange/users/cve/statuses/113866114465649341 2025-01-21 11:54:26+00:00| seen|...
CVE-2025-0450 Betheme <= 27.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS
The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-0450
CVE-2025-0450 – Betheme (WordPress) stored XSS : Vulnerable in Betheme versions up to 27.6.1 due to insufficient input sanitization and output escaping in the plugin’s custom JS attributes. Exploitation requires authenticated access at contributor level or higher, potentially enabling arbitrary s...