CVE-2022-3747
The BeCustom WordPress plugin (BeTheme BeCustom) up to version 1.0.5.2 is vulnerable to Cross-Site Request Forgery due to missing nonce validation when saving settings. This allows unauthenticated attackers to modify settings (e.g., betheme_url_slug, replaced_theme_author, betheme_label) via forg...