CVE-2022-45077 Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress.

CVE-2022-45077 Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress.

This vulnerability is rated as critical severity, due to the fact that it can be exploited by hackers to gain remote access to the target’s website and steal sensitive data. A remote attacker can exploit this vulnerability to perform a Denial of Service (DoS) attack, by sending an excessive amount of requests to the target’s website, to consume resources such as CPU or memory, thus significantly lowering the performance of the target’s website and preventing legitimate users from accessing the target’s website. A Remote Code Execution (RCE) attack is also possible, where a hacker can install malicious software on the target’s website, in order to steal sensitive data from users, such as credit card numbers.

Betheme is developed and maintained by a team of 3 developers, who are all responsible for the security of the plugin. The website for the plugin is hosted on the official WordPress.org website, which is a rigorous testing environment for plugins. However, due to the nature of the plugin, it is open to possible exploits, due to the fact that it allows users to upload images and videos.

Summary of Betheme

Betheme is a free WordPress plugin, which allows users to upload media and images, such as videos and pictures. The vulnerability presented in this case is a Remote Code Execution (RCE) vulnerability which could be exploited by hackers to steal sensitive data from users, such as credit card numbers.
The vulnerability was rated as critical severity due to the fact that it can be exploited by hackers to gain access to the target’s website and steal sensitive data.

The vulnerability, CVE-2022-45077, is present on the website where users upload videos and images. The vulnerability can be exploited by hackers to gain access to sensitive data, such as credit card numbers.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe