• Call Us: (540) 566-8737
    • Account Login (AMP)
    Menu
    Betheme <= 27.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS

    Betheme <= 27.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS

    Tweet
    Share
    Share
    Pin
    0 Shares

    EntreBase Advisory: The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\’s custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    Read more about this vulnerability: https://www.wordfence.com/threat-intel/vulnerabilities/id/340c14ea-70b9-4f60-84b3-97328432f110?source=api-prod

    About the Contributor
    Trust & Safety
    The Trust & Safety team ensures the EntreBase platform remains compliant, safe, and user-friendly. Focused on risk management and user protection, they work to uphold trust and provide a seamless experience.