Vulnerabilities > Muffingroup

DATE CVE VULNERABILITY TITLE RISK
2023-05-10 CVE-2023-29101 Cross-site Scripting vulnerability in Muffingroup Betheme 26.5.1.4/26.6/26.6.1
Unauth.
network
low complexity
muffingroup CWE-79
6.1
2023-01-14 CVE-2022-45353 Incorrect Authorization vulnerability in Muffingroup Betheme 26.5.1.4/26.6/26.6.1
Broken Access Control in Betheme theme <= 26.6.1 on WordPress.
network
low complexity
muffingroup CWE-863
8.1
2022-11-29 CVE-2022-3747 Cross-Site Request Forgery (CSRF) vulnerability in Muffingroup Becustom 1.0.5.2
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2.
network
low complexity
muffingroup CWE-352
6.5
2022-11-22 CVE-2022-45363 Cross-site Scripting vulnerability in Muffingroup Betheme 26.5.1.4/26.6/26.6.1
Auth.
network
low complexity
muffingroup CWE-79
5.4
2022-11-21 CVE-2022-3861 Deserialization of Untrusted Data vulnerability in Muffingroup Betheme 26.5.1.4
The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions.
network
low complexity
muffingroup CWE-502
8.8
2022-11-17 CVE-2022-45077 Deserialization of Untrusted Data vulnerability in Muffingroup Betheme
Auth.
network
low complexity
muffingroup CWE-502
8.8