Headline
CVE-2022-45077: WordPress Betheme theme <= 26.5.1.4 - Auth. PHP Object Injection vulnerability - Patchstack
Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress.
Verified
Fixed
6.3
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 26.5.1.4
PSID
41aa72fad969
Classification
PHP Object Injection
OWASP Top 10
A1: Injection
Required privilege
Requires subscriber or higher role user authentication.
Publicly disclosed
2022-11-17
Details
Auth. PHP Object Injection vulnerability discovered by Dave Jong (Patchstack) in the WordPress Betheme theme (versions <= 26.5.1.4).
Solution
Update the WordPress Betheme theme to the latest available version (at least 26.6).
References
Theme page