Every CVE whose affected-product data names Muffingroup Betheme, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2022-3861 — CVSS 8.8 (high): The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of…
CVE-2024-2694 — CVSS 8.8 (high): The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of…
CVE-2023-39998 — CVSS 8.2 (high): Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 27.1.1.
CVE-2023-47770 — CVSS 7.6 (high): Missing Authorization vulnerability in Muffin Group Betheme.This issue affects Betheme: from n/a through 27.1.1.
CVE-2025-0450 — CVSS 6.4 (medium): The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom JS functionality in all versions up…
CVE-2025-3077 — CVSS 6.4 (medium): The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button shortcode and Custom CSS field in all…
CVE-2024-3998 — CVSS 6.4 (medium): The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to…
CVE-2024-5567 — CVSS 6.4 (medium): The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including…