CVE-2022-45352
Published: April 11, 2026
Official Description
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.
Risk Analysis
This vulnerability in the Muffingroup Betheme for WordPress is due to missing authorization, allowing unauthorized actions. The confirmed exploitation in the wild and inclusion in CISA's KEV catalog indicate this is an urgent threat. This flaw could allow attackers to bypass intended access controls and perform privileged operations.
This vulnerability is actively exploited in the wild and is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Attackers are bypassing authorization checks to perform unauthorized actions.
Upgrade the Muffingroup Betheme to a version beyond 26.6.1 to address the missing authorization vulnerability. Ensure all themes and plugins are kept up-to-date and review user roles and permissions regularly.
Technical Analysis
CVE-2022-45352 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CISA has added CVE-2022-45352 to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. U.S. federal agencies are required to patch this within the mandated timeframe, and all organizations should treat remediation as urgent.
Exploit & PoC Resources
Quick Facts
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2022-45352 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts
- !CISA KEV: Federal agencies must patch per BOD 22-01 timeline
- !Active exploitation confirmed — treat as P1