WordPress Betheme theme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution vulnerability

Authenticated Author+ Arbitrary File Upload to Remote Code Execution vulnerability discovered by Wordfence in WordPress Theme Betheme versions = 28.4...

WordPress Betheme theme <= 28.4 - Authenticated (Contributor+) Arbitrary File Deletion vulnerability

Authenticated Contributor+ Arbitrary File Deletion vulnerability discovered by ? in WordPress Theme Betheme versions = 28.4...

CVE-2025-63075 WordPress Betheme theme <= 28.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in muffingroup Betheme betheme allows DOM-Based XSS.This issue affects Betheme: from n/a through = 28.2...

CVE-2025-63075

The CVE describes a DOM-based XSS in the WordPress Betheme theme, affecting Betheme versions up to 28.1.7. Root cause per the sources is improper neutralization of input during web page generation, enabling DOM-Based XSS without server-side code execution. Affected component: Betheme (WordPress t...

WordPress Betheme plugin <= 28.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Theme Betheme versions = 28.1.3...

WordPress Betheme Theme <= 28.1.3 is vulnerable to Cross Site Scripting (XSS)

Software Betheme Type Theme Vulnerable versions = 28.1.3 Fixed in 28.1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2025-7399 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9f439b9a2b5e Credits stealthcopter Required privileg...

WordPress Betheme plugin <= 28.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Theme Betheme versions = 28.0.3...

WordPress Betheme theme <= 27.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom JS vulnerability discovered by stealthcopter in WordPress Theme Betheme versions = 27.6.1...

WordPress Betheme theme <= 27.5.6 - Authenticated (Contributor+) PHP Object Injection vulnerability

Authenticated Contributor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Theme Betheme versions = 27.5.6...

CVE-2023-47770 WordPress BeTheme theme <= 27.1.1 - Contributor+ Broken Access Control vulnerability

Missing Authorization vulnerability in Muffin Group Betheme.This issue affects Betheme: from n/a through 27.1.1...

CVE-2022-45349 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1...

WordPress Betheme Theme <= 27.1.1 is vulnerable to Broken Access Control

Software Betheme Type Theme Vulnerable versions = 27.1.1 Fixed in 27.1.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47770 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID f61160742341 Credits Rafie Muhammad Patchstack Required...

WordPress Betheme Theme <= 27.1.1 is vulnerable to Broken Access Control

Software Betheme Type Theme Vulnerable versions = 27.1.1 Fixed in 27.1.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-39998 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID 00af6846d656 Credits Rafie Muhammad Patchstack Required...

WordPress theme Betheme 代码问题漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Betheme version 26.5.1.4 and earlier versions, which stems...