MuffinGroup — Vulnerabilities & Security Advisories (21)

Browse all 21 CVE security advisories affecting MuffinGroup. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MuffinGroup operates as a provider of digital signage and content management solutions, primarily serving retail and enterprise environments with networked display systems. Security audits have identified twenty-one Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem, indicating a persistent pattern of implementation flaws. The most prevalent vulnerability classes include Remote Code Execution (RCE) and Cross-Site Scripting (XSS), which often stem from inadequate input validation in web interfaces. Additionally, several instances of broken access control and privilege escalation have been documented, allowing unauthorized users to manipulate system configurations or access sensitive data. These issues suggest that while the platform facilitates dynamic content delivery, its underlying architecture has historically struggled with robust security hygiene. Recent patches have addressed critical RCE vectors, yet the cumulative risk profile remains elevated due to the volume of disclosed defects and the potential for lateral movement within connected display networks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6261 | Betheme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution via Icon Pack Upload | Betheme | CWE-434 | 8.8 | High | 2026-05-05 |
| CVE-2026-6262 | Betheme <= 28.4 - Authenticated (Contributor+) Arbitrary File Deletion via 'mfn-icon-upload' | Betheme | CWE-22 | 6.5 | Medium | 2026-05-05 |
| CVE-2025-63075 | WordPress Betheme theme <= 28.2 - Cross Site Scripting (XSS) vulnerability | Betheme | CWE-79 | 6.5 | Medium | 2025-12-09 |
| CVE-2025-9371 | Betheme <= 28.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'page_title' | Betheme | CWE-79 | 6.4 | Medium | 2025-10-09 |
| CVE-2025-7399 | Betheme <= 28.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | Betheme | CWE-79 | 6.4 | Medium | 2025-08-06 |
| CVE-2025-3077 | Betheme <= 28.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | Betheme | CWE-79 | 6.4 | Medium | 2025-04-16 |
| CVE-2025-0450 | Betheme <= 27.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS | Betheme | CWE-79 | 6.4 | Medium | 2025-01-21 |
| CVE-2024-5567 | Betheme \| Responsive Multipurpose WordPress & WooCommerce Theme <= 27.5.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File | Betheme | CWE-79 | 6.4 | Medium | 2024-09-13 |
| CVE-2024-2694 | Betheme <= 27.5.6 - Authenticated (Contributor+) PHP Object Injection | Betheme | CWE-502 | 8.8 | High | 2024-08-30 |
| CVE-2024-3998 | Betheme \| Responsive Multipurpose WordPress & WooCommerce Theme <= 27.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Betheme | CWE-79 | 6.4 | Medium | 2024-08-30 |
| CVE-2023-39998 | WordPress BeTheme theme <= 27.1.1 - Author+ Broken Access Control vulnerability | Betheme | CWE-862 | 8.2 | High | 2024-06-19 |
| CVE-2022-45356 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability | Betheme | CWE-862 | 5.4 | Medium | 2024-03-25 |
| CVE-2022-45352 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability | Betheme | CWE-862 | 5.4 | Medium | 2024-03-25 |
| CVE-2022-45351 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability | Betheme | CWE-862 | 5.4 | Medium | 2024-03-25 |
| CVE-2022-45349 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability | Betheme | CWE-862 | 4.3 | Medium | 2024-03-25 |
| CVE-2023-29101 | WordPress Betheme Theme <= 26.7.5 is vulnerable to Cross Site Scripting (XSS) | Betheme | CWE-79 | 7.1 | High | 2023-05-10 |
| CVE-2022-45353 | WordPress Betheme theme <= 26.6.1 is vulnerable to Broken Access Control | Betheme | CWE-863 | 4.3 | Medium | 2023-01-14 |
| CVE-2022-3747 | Becustom <= 1.0.5.2 - Cross-Site Request Forgery | Becustom | CWE-352 | 8.8 | High | 2022-11-29 |
| CVE-2022-45363 | WordPress Betheme premium theme <= 26.6.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | Betheme | CWE-79 | 5.4 | Medium | 2022-11-22 |
| CVE-2022-3861 | Betheme <= 26.5.1.4 - Authenticated (Subscriber+) PHP Object Injection | Betheme | CWE-502 | 8.8 | High | 2022-11-21 |
| CVE-2022-45077 | WordPress Betheme theme <= 26.5.1.4 - Auth. PHP Object Injection vulnerability | Betheme (WordPress theme) | | 6.3 | Medium | 2022-11-17 |

This page lists every published CVE security advisory associated with MuffinGroup. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.