CVE-2023-29101
WordPress Betheme Theme <= 26.7.5 is vulnerable to Cross Site Scripting (XSS)Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingroup Betheme theme <= 26.7.5 versions.
We have discovered 65,325 live websites that are affected by CVE-2023-29101.
Affected Software
| Product | |
| Category | Wordpress Themes |
| Vulnerable Domains | 65,325 live websites (58.95% of BeTheme install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 524 versions ( 86.18% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - May 10, 2023
- Updated - Jan 13, 2025
Credits
- Rafie Muhammad (Patchstack) (finder)
CWE
CVE References
CWE References
CVE-2023-29101 usage by Country
 United States | 18,915 websites |
 Germany | 8,883 websites |
 France | 3,929 websites |
 Brazil | 2,776 websites |
 Italy | 2,347 websites |
 Poland | 2,207 websites |
 GB | 1,923 websites |
 Spain | 1,843 websites |
 Netherlands | 1,631 websites |
 Russia | 1,598 websites |
CVE-2023-29101 usage by TLD
| .com | 24,386 websites |
| .de | 4,269 websites |
| .com.br | 3,547 websites |
| .fr | 2,556 websites |
| .it | 2,034 websites |
| .org | 1,900 websites |
| .pl | 1,749 websites |
| .nl | 1,612 websites |
| .ru | 1,286 websites |
| .co.uk | 1,235 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-29101
Top websites that are affected by CVE-2023-29101. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.nl | United States | *,*** | |
| *****************.com | United States | **,*** | |
| ******.fr | France | **,*** | |
| **********.com | United States | **,*** | |
| **********.com | United States | **,*** | |
| ***********.com |  Singapore | ***,*** | |
| *******.**.ke |  Kenya | ***,*** | |
| *******.de | Germany | ***,*** | |
| *******.com | United States | ***,*** | |
| ********.at | Germany | ***,*** |
FAQ
CVE-2023-29101 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in BeTheme
A total of 65,325 websites have been identified as vulnerable to CVE-2023-29101, discovered through global website indexing conducted by WebTechSurvey.
BeTheme is susceptible to CVE-2023-29101 vulnerability.
BeTheme versions before, and including, 26.7.5 are vulnerable to CVE-2023-29101.