vulnerability
WordPress Theme: betheme: CVE-2022-45356: Missing Authorization
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Nov 21, 2022 | Dec 8, 2025 | Dec 8, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Nov 21, 2022
Added
Dec 8, 2025
Modified
Dec 8, 2025
Description
The Betheme theme for WordPress is vulnerable to authorization bypass in versions up to, and including, 26.6.2. This is due to a missing capability check on the mfnvb_init_vb() function that initializes the visual editor for the plugin and discloses the plugin's page builder nonces and functionality to an attacker. This makes it possible for authenticated attacks with minimal permissions, such as a subscriber, to trigger the Betheme page editor for any post or page and view the information along with make any changes to the post/page accessed through the editor.
Solution
betheme-theme-cve-2022-45356
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.