Themes Vulnerabilities

Betheme < 26.6.3 - Missing Authorization

Description

The plugin does not authorize the `mfnvb_init_vb()` function, allowing an attacker with a role as low as Subscriber to perform several unauthorized actions.

Affects Themes

betheme
Fixed in 26.6.3

References

CVE
CVE-2022-45356
CVE
CVE-2022-45351
CVE
CVE-2022-45349
CVE
CVE-2022-45352

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
8.1 (high)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
fe966a00-98db-4efc-92d5-54be7bd78347

Timeline

Publicly Published
2022-11-21 (about 3 years ago)
Added
2023-05-10 (about 3 years ago)
Last Updated
2023-05-10 (about 3 years ago)

Other

Published
Title
Published
2026-03-24
Title
WPGraphQL < 2.10 - Missing Authorization
Published
2024-07-11
Title
Product Delivery Date for WooCommerce – Lite < 2.7.3 - Missing Authorization
Published
2025-12-05
Title
Helloprint <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Modification
Published
2025-05-16
Title
Element Pack Pro < 8.0.0 - Missing Authorization
Published
2026-04-20
Title
RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress < 4.1133 - Missing Authorization