Vulnerability Details for CVE-2023-29101
Hello,
I've been informed about a vulnerability in theme versions of 26.7.5 or less.
I understand it has been resolved in an update; however, can you please provide more details as to what the vulnerability is and in what scenario it could be exploited?
Specifically, is it something that could be exploited by a member of the public, without being logged in?
I note the changelog mentions "Cross Site Scripting on some Shop pages". Can it be assumed that if WooCommerce is not installed, the vulnerability does not apply?
I have many sites using this theme, not all fully up to date for various reasons.
I'm looking to understand how seriously the sites could be compromised.
Thanks
Comments
Hello,
Yes, it refers only to WooCommerce templates, so it will not affect pages without WooCommerce.
However, we strongly recommend making regular updates and backups. The longer you do not update, the higher the chance that something might go wrong.
Best regards
Thanks. The updates do come; just with a large volume, maintenance takes time to come around for the individual clients.