Headline
CVE-2022-45363: WordPress Betheme premium theme <= 26.6.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack
Auth. (subascriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress.
Verified
Not fixed
5.4
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 26.6.1
PSID
33b6c8f6d62b
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires subscriber or higher role user authentication.
Publicly disclosed
2022-11-21
Details
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Dave Jong (Patchstack) in the WordPress Betheme premium theme (versions <= 26.6.1).
Solution
No reply from the vendor.
References