CVE-2022-45077
Published 2022-11-17
CVE-2022-45077: Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress.
Priority: P2 75 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ITW: VulnCheck KEV
Exploited in the wild
EPSS: 0.61% (45.0th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| muffingroup | betheme | < 26.6 | 26.6 |
| muffingroup | betheme | <= 26.5.1.4 | — |
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck · 6.3 MEDIUM
GHSA
GHSA-pwpx-r9xc-fhg4: Auth
ghsa_unreviewed·2022-11-18
CVE-2022-45077 [HIGH] CWE-502 GHSA-pwpx-r9xc-fhg4: Auth
Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress.
VulnCheck
Muffingroup Betheme Deserialization of Untrusted Data
vulncheck·2022·CVSS 6.3
CVE-2022-45077 [MEDIUM] Muffingroup Betheme Deserialization of Untrusted Data
Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress.
Affected: Muffingroup Betheme
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/vulnerability/betheme/wordpress-betheme-theme-26-5-1-4-auth-php-object-injection-vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://patchstack.com/database/vulnerability/betheme/wordpress-betheme-theme-26-5-1-4-auth-php-object-injection-vulnerability?_s_id=cve
https://themeforest.net/item/betheme-responsive-multipurpose-wordpress-theme/7758048
2022-11-17: Published
Exploited in the wild