vulnerability
WordPress Theme: betheme: CVE-2022-45352: Missing Authorization
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:P/A:N) | Nov 21, 2022 | Dec 8, 2025 | Dec 8, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
Published
Nov 21, 2022
Added
Dec 8, 2025
Modified
Dec 8, 2025
Description
The Betheme theme for WordPress is vulnerable to authorization bypass in versions up to, and including, 26.6.2. This is due to a missing capability check on the mfnvb_init_vb() function that initializes the visual editor for the plugin and discloses the plugin's page builder nonces and functionality to an attacker. This makes it possible for authenticated attacks with minimal permissions, such as a subscriber, to trigger the Betheme page editor for any post or page and view the information along with make any changes to the post/page accessed through the editor. This CVE is specific to updating the theme's settings via the editing page through the mfnvb_savethemeoptions function. This is an extension of CVE-2022-45356.
Solution
betheme-theme-cve-2022-45352
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.