CVE-2022-3861
The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers, with contributor level permissions and above to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc..
We have discovered 7,368 live websites that are affected by CVE-2022-3861.
Contact us to get more info
Affected Software
| |
---|
Product | BeTheme |
Category | Wordpress Themes |
Vulnerable Versions | |
Total Vulnerable Versions | 512 |
Vulnerable Domains | 7,368 live websites (55.05% of BeTheme install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-3861 and the relative popularity of websites