
4 matches found

Vulnrichment
added 2026/05/05 11:25 a.m., 6 views

CVE-2026-6261 Betheme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution via Icon Pack Upload

The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the uploadicons function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file types. This makes it...

CVSS 8.8, AI score 6.5, EPSS 0.00612
Exploits: 0, References: 2
ATTACKERKB
added 2026/05/05 11:25 a.m., 4 views

CVE-2026-6261

The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the uploadicons function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file types. This makes it...

CVSS 8.8, AI score 6.5, EPSS 0.00612
Exploits: 0, References: 3
Cvelist
added 2026/05/05 11:25 a.m., 58 views

CVE-2026-6261 Betheme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution via Icon Pack Upload

The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the uploadicons function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file types. This makes it...

CVSS 8.8, EPSS 0.00612
Exploits: 0, References: 2
CVE
added 2026/05/05 11:25 a.m., 19 views

CVE-2026-6261

The Betheme theme for WordPress (up to version 28.4) is vulnerable to Arbitrary File Upload via the upload_icons workflow. The root cause is that user-controlled ZIPs are moved and unzipped into a public uploads directory without validating extracted file types. Authenticated attackers with autho...

CVSS 8.8, AI score 6.5, EPSS 0.00612
Exploits: 0, References: 2