Skip to main content

Betheme

14 CVEs product

Monthly

CVE-2025-3077 MEDIUM This Month

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button shortcode and Custom CSS field in all versions up to, and including, 28.0.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Betheme PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-0450 MEDIUM This Month

The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Betheme PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5567 MEDIUM This Month

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Betheme
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-3998 MEDIUM This Month

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Betheme
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-2694 HIGH This Week

The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure PHP Betheme
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-45356 MEDIUM This Month

Missing Authorization vulnerability in Muffingroup Betheme.6.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Betheme
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-45352 MEDIUM This Month

Missing Authorization vulnerability in Muffingroup Betheme.6.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Betheme
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2022-45351 MEDIUM This Month

Missing Authorization vulnerability in Muffingroup Betheme.6.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Betheme
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2022-45349 MEDIUM This Month

Missing Authorization vulnerability in Muffingroup Betheme.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Betheme
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-29101 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Betheme
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-45353 MEDIUM This Month

Broken Access Control in Betheme theme <= 26.6.1 on WordPress. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Betheme
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-45363 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Betheme
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-3861 HIGH POC This Week

The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Information Disclosure WordPress Betheme
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2022-45077 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP WordPress Deserialization Betheme
NVD
CVSS 3.1
8.8
EPSS
0.6%
EPSS 0% CVSS 6.4
MEDIUM This Month

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button shortcode and Custom CSS field in all versions up to, and including, 28.0.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Betheme +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Betheme +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Betheme
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Betheme
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Missing Authorization vulnerability in Muffingroup Betheme.6.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Betheme
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Missing Authorization vulnerability in Muffingroup Betheme.6.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Betheme
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Missing Authorization vulnerability in Muffingroup Betheme.6.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Betheme
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing Authorization vulnerability in Muffingroup Betheme.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Betheme
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Betheme
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Broken Access Control in Betheme theme <= 26.6.1 on WordPress. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Betheme
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Betheme
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Information Disclosure +2
NVD VulDB GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP WordPress Deserialization +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy