Themes Vulnerabilities

Betheme < 27.1.2 - Missing Authorization

Description

The Betheme theme for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on one of its functions in versions up to, and including, 27.1.1. This makes it possible for authenticated attackers, with contributor-level access and above, to invoke this function.

Affects Themes

betheme
Fixed in 27.1.2

References

CVE
CVE-2023-47770
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/72bdc81e-1a9d-4dd8-93a5-fb1026d6a2d9

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.3 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
b3cba673-036e-462a-ad10-e94e509f0fb1

Timeline

Publicly Published
2023-11-14 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2025-12-31
Title
Hotel Booking <= 3.8 - Missing Authorization
Published
2025-12-04
Title
Hype <= 1.0.5 - Missing Authorization
Published
2026-02-07
Title
Endless Posts Navigation < 2.3.0 - Missing Authorization
Published
2026-01-28
Title
Sendy < 3.4.3 - Missing Authorization
Published
2022-08-25
Title
Accommodation System <= 1.0.1 - Subscriber+ Unauthorised Actions