WordPress Betheme theme <= 26.5.1.4 - Auth. PHP Object Injection vulnerability
CVE-2022-45077

8.8HIGH

Key Information:

Vendor: WordPress
Status: Betheme (WordPress Theme)
Vendor: CVE Published:; 17 November 2022

Summary

Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress.

Affected Version(s)

Betheme (WordPress theme) <= 26.5.1.4 <= 26.5.1.4

References

https://patchstack.com/database/vulnerability/betheme/wor...

https://themeforest.net/item/betheme-responsive-multipurp...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 17, 2022
Vulnerability Reserved
Nov 9, 2022

Credit

Vulnerability discovered by Dave Jong (Patchstack)

.