Muffingroup

Betheme

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-63075

  • EPSS 0.05%
  • Veröffentlicht 09.12.2025 14:52:36
  • Zuletzt bearbeitet 20.01.2026 15:18:40

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in muffingroup Betheme betheme allows DOM-Based XSS.This issue affects Betheme: from n/a through <= 28.1.7.

6.4

CVE-2025-9371

  • EPSS 0.03%
  • Veröffentlicht 09.10.2025 11:20:56
  • Zuletzt bearbeitet 09.10.2025 15:50:04

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page_title’ parameter in all versions up to, and including, 28.1.6 due to insufficient input sanitization and output escaping of theme breadcrumbs. This makes it po...

6.4

CVE-2025-7399

  • EPSS 0.03%
  • Veröffentlicht 06.08.2025 03:41:00
  • Zuletzt bearbeitet 06.08.2025 20:23:37

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via an Elementor display setting in all versions up to, and including, 28.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenti...

5.4

CVE-2025-3077

  • EPSS 0.12%
  • Veröffentlicht 16.04.2025 07:31:09
  • Zuletzt bearbeitet 04.06.2025 22:38:13

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button shortcode and Custom CSS field in all versions up to, and including, 28.0.3 due to insufficient input sanitization and output escaping on user suppli...

5.4

CVE-2025-0450

  • EPSS 0.18%
  • Veröffentlicht 21.01.2025 11:15:10
  • Zuletzt bearbeitet 05.06.2025 14:26:26

The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input sanitization and output escaping on user supplied attributes...

5.4

CVE-2024-5567

  • EPSS 0.38%
  • Veröffentlicht 13.09.2024 07:15:06
  • Zuletzt bearbeitet 26.09.2024 18:27:51

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack...

5.4

CVE-2024-3998

  • EPSS 0.31%
  • Veröffentlicht 30.08.2024 05:15:12
  • Zuletzt bearbeitet 03.09.2024 15:00:36

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. T...

8.8

CVE-2024-2694

  • EPSS 2.5%
  • Veröffentlicht 30.08.2024 05:15:12
  • Zuletzt bearbeitet 03.09.2024 15:10:54

The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, wit...

7.2

CVE-2023-39998

  • EPSS 0.17%
  • Veröffentlicht 19.06.2024 13:15:54
  • Zuletzt bearbeitet 31.01.2025 14:22:08

Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 27.1.1.

7.6

CVE-2023-47770

  • EPSS 0.15%
  • Veröffentlicht 19.06.2024 12:15:11
  • Zuletzt bearbeitet 09.06.2025 20:13:43

Missing Authorization vulnerability in Muffin Group Betheme.This issue affects Betheme: from n/a through 27.1.1.