The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing
Rated 4.9
Total47,794
Mitigations15,427
Stats
CVSS0
10
Affected software | Vulnerability
RiskDisclosed
Betheme<= 28.4
Authenticated (Author+) Arbitrary File Upload to Remote Code Execution vulnerability
9.1
06/05/2026
Betheme<= 28.4
Authenticated (Contributor+) Arbitrary File Deletion vulnerability
6.5
04/05/2026
Betheme<= 28.1.6
Authenticated (Contributor+) Stored Cross-Site Scripting via 'page_title' vulnerability
6.5
08/10/2025
Betheme<= 28.2
Cross Site Scripting (XSS) vulnerability
6.5
06/10/2025
Betheme<= 28.1.3
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
05/08/2025
Betheme<= 28.0.3
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
15/04/2025
Betheme<= 27.6.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS vulnerability
6.5
21/01/2025
Betheme<= 27.5.5
Authenticated (Author+) Stored Cross-Site Scripting via SVG File vulnerability
6.5
13/09/2024
Betheme<= 27.5.6
Authenticated (Contributor+) PHP Object Injection vulnerability
8.5
30/08/2024
Betheme<= 27.5.6
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
6.5
30/08/2024
Betheme<= 27.1.1
Contributor+ Broken Access Control vulnerability
7.6
14/11/2023
Betheme<= 27.1.1
Author+ Broken Access Control vulnerability
8.2
10/08/2023
Betheme<= 26.7.5
Reflected Cross Site Scripting (XSS) vulnerability
7.1
13/04/2023
Betheme<= 26.6.1
Broken Access Control vulnerability
6.3
21/11/2022
Betheme<= 26.6.1
Broken Access Control vulnerability
4.3
21/11/2022
Betheme<= 26.6.1
Broken Access Control vulnerability
5.4
21/11/2022
Betheme<= 26.6.1
Broken Access Control vulnerability
5.4
21/11/2022
Betheme<= 26.6.1
Broken Access Control vulnerability
4.3
21/11/2022
Betheme<= 26.6.1
Auth. Stored Cross-Site Scripting (XSS) vulnerability
5.4
21/11/2022
Betheme<= 26.5.1.4
Auth. PHP Object Injection vulnerability
6.3
17/11/2022