Themes Vulnerabilities

Betheme < 26.6.3 - Subscriber+ Unauthorised Action

Description

The plugin does not have authorisation in some areas, which could allow any authenticated users, such as subscriber to perform unauthorised action

Affects Themes

betheme
Fixed in 26.6.3

References

CVE
CVE-2022-45353

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
049d2889-4513-4ddd-8850-9c107c88074d

Timeline

Publicly Published
2022-11-21 (about 3 years ago)
Added
2023-01-16 (about 3 years ago)
Last Updated
2023-01-16 (about 3 years ago)

Other

Published
Title
Published
2025-09-22
Title
Javo Core <= 3.0.0.266 - Missing Authorization
Published
2026-02-20
Title
Ads Pro < 5.1 - Missing Authorization
Published
2026-01-08
Title
Zorka <= 1.5.7 - Missing Authorization
Published
2025-12-31
Title
Wiremo <= 1.4.99 - Missing Authorization
Published
2025-04-01
Title
WP AutoKeyword <= 1.0 - Missing Authorization to Arbitrary Content Deletion