Vulnerability Details for CVE-2023-29101

Hello,

I've been informed about a vulnerability in theme versions of 26.7.5 or less.

https://patchstack.com/database/vulnerability/betheme/wordpress-betheme-theme-26-7-5-reflected-cross-site-scripting-xss-vulnerability

I understand it has been resolved in an update, however can you please provide more details as to what the vulnerability is and in what scenario it could be exploited?

Specifically, is it something that could be exploited by a member of the public, without being logged in?

I note the changelog mentions "Cross Site Scripting on some Shop pages". Can it be assumed that if WooCommerce is not installed, the vulnerability does not apply?

I have many sites using this theme, not all fully up to date for various reasons.

I'm looking to understand how seriously the sites could be compromised.


Thanks

Comments

  • Hello,

    Yes, it refers only to WooCommerce templates, so it will not affect pages without WooCommerce.

    However, we strongly recommend making regular updates and backups. The longer you do not update, the higher the chance that something might go wrong.


    Best regards

  • Thanks. The updates do come, just with a large volume, maintenance takes time to come around for the individual clients.
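
For triaging many installs against the two facts in this thread (affected theme versions are 26.7.5 or less, and only WooCommerce templates are involved), a filesystem check can sort sites by urgency. This is an added example, not part of the thread or the vendor's tooling; the `betheme` theme directory name, the `woocommerce` plugin directory name and the status labels are assumptions, and a plugin directory being present shows only that WooCommerce is installed, not that it is active.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (26, 7, 5)  # the thread's advisory: versions 26.7.5 or less

def parse_version(text):
    """'26.7.5' -> (26, 7, 5); trailing zeros dropped; None if not numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    return tuple(nums)

def theme_version(site_root, theme_dir="betheme"):  # directory name is an assumption
    """Return the Version: header of the theme's style.css, or None."""
    css = Path(site_root) / "wp-content" / "themes" / theme_dir / "style.css"
    if not css.is_file():
        return None
    head = css.read_text(encoding="utf-8", errors="replace")[:8192]
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", head, re.M | re.I)
    return m.group(1) if m else None

def triage(site_root):
    """Classify one install; the status labels are this example's own."""
    raw = theme_version(site_root)
    if raw is None:
        return "theme-not-found"
    ver = parse_version(raw)
    if ver is None:
        return "unknown-version"
    if ver > LAST_AFFECTED:
        return "above-affected-range"
    # Installed is not the same as active, so this errs toward flagging.
    woo = (Path(site_root) / "wp-content" / "plugins" / "woocommerce").is_dir()
    return "affected-woocommerce-present" if woo else "outdated-no-woocommerce"

def build_sample(root, version, woo):
    """Constructed sample install tree, for demonstration only."""
    theme = Path(root) / "wp-content" / "themes" / "betheme"
    theme.mkdir(parents=True)
    (theme / "style.css").write_text(f"/*\nTheme Name: Betheme\nVersion: {version}\n*/\n")
    if woo:
        (Path(root) / "wp-content" / "plugins" / "woocommerce").mkdir(parents=True)
    return root

if __name__ == "__main__":
    for version, woo in [("26.7.5", True), ("26.5", False), ("26.7.6", True)]:
        with tempfile.TemporaryDirectory() as d:
            print(version, woo, triage(build_sample(d, version, woo)))
```

Sites reported as `outdated-no-woocommerce` still need the update; they are only lower priority under the vendor's statement above.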
