CVE-2022-3861
The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers, with contributor level permissions and above to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc..
We have discovered 7,368 live websites that are affected by CVE-2022-3861.
Affected Software
| Product | |
| Category | Wordpress Themes |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 512 |
| Vulnerable Domains | 7,368 live websites (55.05% of BeTheme install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-3861 and the relative popularity of websitesDetails
- Published - Nov 21, 2022
Credits
- Julien Ahrens (finder)
CVE References
CWE References
Countries
 United States | 1,746 websites |
 Germany | 991 websites |
 France | 545 websites |
 Italy | 437 websites |
 Spain | 299 websites |
 GB | 278 websites |
 Netherlands | 242 websites |
 Brazil | 233 websites |
 Poland | 232 websites |
 Canada | 162 websites |
TLDs
| .com | 2,685 websites |
| .de | 676 websites |
| .org | 515 websites |
| .it | 272 websites |
| .fr | 251 websites |
| .nl | 190 websites |
| .com.br | 178 websites |
| .pl | 177 websites |
| .net | 161 websites |
| .co.uk | 126 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2022-3861 through included software libraries and plugins.References
- https://muffingroup.com/betheme/
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-3861.txt
- https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3861
Websites affected by CVE-2022-3861
Top websites that are affected by CVE-2022-3861. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.*********.nl | Netherlands | *,*** | |
| ***.*************.com | United States | **,*** | |
| *******.org | Spain | **,*** | |
| ***.buzz | United States | **,*** | |
| *****************.com | United States | **,*** | |
| ***.******.fr | France | **,*** | |
| ***.****************************.com | United States | **,*** | |
| **********.com | United States | **,*** | |
| **********.com | United States | **,*** | |
| *************.com | United States | **,*** |