Themes Vulnerabilities

Betheme < 26.6 - Subscriber+ PHP Object Injection

Description

The plugin unserialize user input, which could allow low privilege users such as subscriber to perform PHP Object Injection when a suitable gadget is present

Affects Themes

betheme
Fixed in 26.6

References

CVE
CVE-2022-45077

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
5.0 (medium)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
a163d5e7-2b16-450a-a792-ef8f4fa456df

Timeline

Publicly Published
2022-11-17 (about 3 years ago)
Added
2022-11-18 (about 3 years ago)
Last Updated
2022-11-18 (about 3 years ago)

Other

Published
Title
Published
2025-01-10
Title
Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups < 1.3.6 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection
Published
2024-10-17
Title
Giveaway Boost <= 2.1.4 - Unauthenticated PHP Object Injection
Published
2025-09-23
Title
DentiCare < 1.4.3 - Unauthenticated PHP Object Injection
Published
2025-03-28
Title
Multiple Shipping And Billing Address For Woocommerce < 1.6 - Unauthenticated PHP Object Injection
Published
2025-12-30
Title
Dental Care CPT <= 20.2 - Authenticated (Contributor+) PHP Object Injection