SB2022112511 - Multiple vulnerabilities in Betheme theme for WordPress
Published: November 25, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Stored cross-site scripting (CVE-ID: CVE-2022-45363)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
2) Improper access control (CVE-ID: CVE-2022-45353)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.
3) Improper access control (CVE-ID: CVE-2022-45352)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.
4) Improper access control (CVE-ID: CVE-2022-45356)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.
5) Improper access control (CVE-ID: CVE-2022-45351)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.
6) Improper access control (CVE-ID: CVE-2022-45349)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.
Remediation
Install update from vendor's website.
References
- https://patchstack.com/database/vulnerability/betheme/wordpress-betheme-theme-26-6-1-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve
- https://patchstack.com/database/vulnerability/betheme/wordpress-betheme-theme-26-6-1-broken-access-control-vulnerability
- https://patchstack.com/database/vulnerability/betheme/wordpress-betheme-theme-26-6-1-broken-access-control-vulnerability-2
- https://patchstack.com/database/vulnerability/betheme/wordpress-betheme-theme-26-6-1-broken-access-control-vulnerability-3
- https://patchstack.com/database/vulnerability/betheme/wordpress-betheme-theme-26-6-1-broken-access-control-vulnerability-5
- https://patchstack.com/database/vulnerability/betheme/wordpress-betheme-theme-26-6-1-broken-access-control-vulnerability-4