Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 06 Aug 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 06 Aug 2025 08:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Muffingroup
Muffingroup betheme Wordpress Wordpress wordpress |
|
Vendors & Products |
Muffingroup
Muffingroup betheme Wordpress Wordpress wordpress |
Wed, 06 Aug 2025 04:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via an Elementor display setting in all versions up to, and including, 28.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |
Title | Betheme <= 28.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2025-08-06T19:28:54.193Z
Reserved: 2025-07-09T18:06:34.105Z
Link: CVE-2025-7399

Updated: 2025-08-06T19:28:50.592Z

Status : Awaiting Analysis
Published: 2025-08-06T04:16:20.410
Modified: 2025-08-06T20:23:37.600
Link: CVE-2025-7399

No data.

Updated: 2025-08-06T07:40:59Z