Muffingroup Betheme
19 CVEs affecting Muffingroup Betheme. Latest disclosed: 2026-05-05. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-6261 | High | 8.8 | 2026-05-05 | The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the upload_icons() function workf… |
CVE-2024-2694 | High | 8.8 | 2024-08-30 | The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of th… |
CVE-2022-3861 | High | 8.8 | 2022-11-21 | The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplie… |
CVE-2023-39998 | High | 8.2 | 2024-06-19 | Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 27.1.1. |
CVE-2023-29101 | High | 7.1 | 2023-05-10 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingroup Betheme theme <= 26.7.5 versions. |
CVE-2026-6262 | Medium | 6.5 | 2026-05-05 | The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 28.4. This is due to the upload_icons() function wor… |
CVE-2025-63075 | Medium | 6.5 | 2025-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in muffingroup Betheme betheme allows DOM-Based XSS.This iss… |
CVE-2025-9371 | Medium | 6.4 | 2025-10-09 | The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page_title’ parameter in all versions up to, and including, 28.1.6 due to… |
CVE-2025-7399 | Medium | 6.4 | 2025-08-06 | The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via an Elementor display setting in all versions up to, and including, 28.1.3 due… |
CVE-2025-3077 | Medium | 6.4 | 2025-04-16 | The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button shortcode and Custom CSS field in all versions up to, and… |
CVE-2025-0450 | Medium | 6.4 | 2025-01-21 | The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom JS functionality in all versions up to, and including, 27… |
CVE-2024-5567 | Medium | 6.4 | 2024-09-13 | The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insuffici… |
CVE-2024-3998 | Medium | 6.4 | 2024-08-30 | The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5… |
CVE-2022-45356 | Medium | 5.4 | 2024-03-25 | Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. |
CVE-2022-45352 | Medium | 5.4 | 2024-03-25 | Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. |
CVE-2022-45351 | Medium | 5.4 | 2024-03-25 | Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. |
CVE-2022-45363 | Medium | 5.4 | 2022-11-22 | Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress. |
CVE-2022-45349 | Medium | 4.3 | 2024-03-25 | Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. |
CVE-2022-45353 | Medium | 4.3 | 2023-01-14 | Broken Access Control in Betheme theme <= 26.6.1 on WordPress. |