Support Center Visit Demo License manager Buy @ envato

Vulnerability Details for CVE-2023-29101

chrismcb6chrismcb6
in Theme support

Hello,

I've been informed about a vulnerability in theme versions of 26.7.5 or less.

https://patchstack.com/database/vulnerability/betheme/wordpress-betheme-theme-26-7-5-reflected-cross-site-scripting-xss-vulnerability

I understand it has been resolved in an update, however can you please provide more details as to what the vulnerability is and in what scenario it could be exploited?

Specifically, is it something that could be exploited by a member of the public, without being logged in?

I note the changelog mentions "Cross Site Scripting on some Shop pages". Can it be assumed that if WooCommerce is not installed, the vulnerability does not apply?

I have many sites using this theme, not all fully up to date for various reasons.

I'm looking to understand how seriously the sites could be compromised.


Thanks

Comments

  • PhilPhil

    Hello,

    Yes, it refers only to WooCommerce templates, so it will not affect pages without WooCommerce.

    However, we strongly recommend making regular updates and backups. The longer you do not update, the higher chance that something might go wrong.


    Best regards

    Learn more: Video Tutorials | How To | FAQ Vote on what comes next
  • chrismcb6chrismcb6

    Thanks. The updates do come, just with a large volume, maintenance takes time to come around for the individual clients.

Sign In or Register to comment.
This website uses cookies

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Neccessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Analytics & Performance

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This means that cookies which are categorized as necessary, are processed based on GDPR Art. 6 (1) (f). All other cookies, meaning those from the categories preferences and marketing, are processed based on GDPR Art. 6 (1) (a) GDPR.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Please state your consent ID and date when you contact us regarding your consent.