cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-0450,https://securityvulnerability.io/vulnerability/CVE-2025-0450,Stored Cross-Site Scripting Vulnerability in Betheme Plugin for WordPress,"The Betheme plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping on user-defined attributes. Authenticated attackers with contributor-level access or higher can exploit this flaw to inject malicious scripts into web pages. These scripts will execute when users access the affected pages, posing a significant risk to site integrity and user safety.",Wordpress,Betheme,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-21T11:09:45.700Z,0
CVE-2024-5567,https://securityvulnerability.io/vulnerability/CVE-2024-5567,Betheme Theme Vulnerable to Stored Cross-Site Scripting,"The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",Wordpress,Betheme,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-09-13T06:47:27.600Z,0
CVE-2024-2694,https://securityvulnerability.io/vulnerability/CVE-2024-2694,Betheme theme vulnerable to PHP Object Injection,"The Betheme theme for WordPress is susceptible to a PHP Object Injection vulnerability across all versions up to and including 27.5.6. This issue arises from the deserialization of untrusted input originating from the 'mfn-page-items' post meta value. Authenticated attackers with contributor-level access or higher can exploit this flaw to inject malicious PHP objects. While no known payload object graph (POP) chain exists in the vulnerable plugin itself, the presence of a POP chain through additional plugins or themes installed on the target system could enable attackers to perform various actions, including deleting arbitrary files, accessing sensitive data, or executing unauthorized code.",Wordpress,Betheme,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,2024-08-30T04:29:56.636Z,0
CVE-2024-3998,https://securityvulnerability.io/vulnerability/CVE-2024-3998,Stored Cross-Site Scripting Vulnerability in Betheme for WordPress,"The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Betheme,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-08-30T04:29:55.950Z,0
CVE-2022-45353,https://securityvulnerability.io/vulnerability/CVE-2022-45353,WordPress Betheme theme <= 26.6.1 is vulnerable to Broken Access Control,"Broken Access Control in Betheme theme <= 26.6.1 on WordPress. ",Wordpress,Betheme,4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-01-14T10:53:27.096Z,0
CVE-2022-45363,https://securityvulnerability.io/vulnerability/CVE-2022-45363,WordPress Betheme premium theme <= 26.6.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability,Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress.,Wordpress,Betheme,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-11-22T07:44:56.280Z,0
CVE-2022-3861,https://securityvulnerability.io/vulnerability/CVE-2022-3861,PHP Object Injection Vulnerability in Betheme for WordPress by Muffin Group,"The Betheme theme for WordPress is exposed to a PHP Object Injection vulnerability due to improper handling of untrusted input during the import process. Versions up to and including 26.5.1.4 allow authenticated users, with contributor level permissions and above, to inject a malicious PHP Object through various parameters. Attackers leveraging this vulnerability can execute arbitrary code, extract confidential information, or manipulate files, placing sensitive data and site integrity at risk.",Wordpress,Betheme,8.8,HIGH,0.003599999938160181,false,,false,false,false,,false,false,2022-11-21T12:45:46.108Z,0
CVE-2022-45077,https://securityvulnerability.io/vulnerability/CVE-2022-45077,WordPress Betheme theme <= 26.5.1.4 - Auth. PHP Object Injection vulnerability,Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress.,Wordpress,Betheme (WordPress Theme),6.3,MEDIUM,0.0009699999936856329,false,,false,false,false,,false,false,2022-11-17T00:00:00.000Z,0