3587 matches found
CVE-2022-3861
The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfnbuilderimport, mfnbuilderimportpage,...
Deserialization of untrusted data
The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfnbuilderimport, mfnbuilderimportpage,...
CVE-2022-3861 Betheme <= 26.5.1.4 - Authenticated (Subscriber+) PHP Object Injection
The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfnbuilderimport, mfnbuilderimportpage,...
CVE-2022-3861
CVE-2022-3861 affects BeTheme for WordPress. The BeTheme plugin/theme is vulnerable to PHP Object Injection via deserialization of untrusted input in the import paths (import, mfn-items-import-page, mfn-items-import) used by functions mfn_builder_import, mfn_builder_import_page, importdata, impor...
PT-2022-24477 · WordPress · Betheme
Name of the Vulnerable Software and Affected Versions: Betheme theme for WordPress versions up to, and including, 26.5.1.4 Description: The issue concerns PHP Object Injection via deserialization of untrusted input. This is made possible through the import, mfn-items-import-page, and...
Betheme < 26.6 - Contributor+ PHP Object Injection
The plugin unserializes user input provided via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfnbuilderimport, mfnbuilderimportpage, importdata, importsinglepage, and importfromclipboard functions. This could allow users with a role as low as contributor t...
WordPress BeTheme 26.5.1.4 PHP Object Injection
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Betheme Vendor URL: https://muffingroup.com/betheme/ Type: Deserialization of Untrusted Data CWE-502 Date found: 2022-11-02 Date published: 2022-11-18 CVSSv3 Score: 8.8...
Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection
The plugin does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability. POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type:...
CVE-2022-45077
Auth. subscriber+ PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress...
Design/Logic Flaw
Auth. subscriber+ PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress...
CVE-2022-45077 WordPress Betheme theme <= 26.5.1.4 - Auth. PHP Object Injection vulnerability
Auth. subscriber+ PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress...
VulnCheck KEV: CVE-2022-45077
Auth. subscriber+ PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress...
PT-2022-27402 · WordPress · Betheme
Name of the Vulnerable Software and Affected Versions: Betheme theme versions = 26.5.1.4 Description: The issue is related to an authentication bypass vulnerability, specifically a PHP Object Injection vulnerability, affecting the Betheme theme on WordPress. It requires authentication as a...
Betheme < 26.6 - Subscriber+ PHP Object Injection
The plugin unserializes user input, which could allow low privilege users such as subscriber to perform PHP Object Injection when a suitable gadget is present...
WordPress Checkout Field Editor for WooCommerce plugin <= 1.7.2 - Auth PHP Object Injection vulnerability
Auth PHP Object Injection vulnerability discovered by Nguyen Duy Quoc Khanh in WordPress Checkout Field Editor for WooCommerce plugin versions <= 1.7.2. Solution: Update the WordPress Checkout Field Editor Checkout Manager for WooCommerce plugin to the latest available version at least 1.8.0...
Checkout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object Injection
The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. To simulate a gadget chain, put the following code in a plugin class Evil public function wakeup : void die"Arbitrary...