CVE-2026-6262
Deferred Deferred - Pending Action
Arbitrary File Deletion in Betheme WordPress Theme

Publication date: 2026-05-05

Last updated on: 2026-05-05

Assigner: Wordfence

Description
The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 28.4. This is due to the upload_icons() function workflow using a user-controlled upload path (`mfn-icon-upload`) in a filesystem move operation without constraining it to the uploads directory. This makes it possible for authenticated attackers, with contributor-level access and above, to move/delete arbitrary local files via path traversal.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-05
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6262
EUVD
EUVD-2026-27303
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
muffingroup betheme to 28.4 (inc)
muffingroup betheme 28.4.1.1
betheme betheme to 28.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The Betheme theme for WordPress has a vulnerability called Arbitrary File Deletion in versions up to and including 28.4. This occurs because the upload_icons() function uses a user-controlled upload path without restricting it to the uploads directory. As a result, authenticated users with contributor-level access or higher can perform path traversal to move or delete arbitrary local files on the server.

Compliance Impact

The vulnerability allows authenticated attackers with contributor-level access and above to delete arbitrary local files via path traversal. This could lead to unauthorized modification or deletion of sensitive data stored on the server.

Such unauthorized file deletion could impact compliance with standards like GDPR and HIPAA, which require protection of data integrity and availability. If sensitive personal or health data is deleted or tampered with, it may result in violations of these regulations.

However, the provided information does not explicitly detail the compliance impact or any direct references to regulatory requirements.

Detection Guidance

This vulnerability involves the upload_icons() function in the Betheme WordPress theme allowing authenticated users with contributor-level access or higher to perform arbitrary file deletion via path traversal.

To detect exploitation attempts or presence of this vulnerability on your system, you can monitor web server logs for suspicious requests containing the parameter 'mfn-icon-upload' with path traversal patterns such as '../' sequences.

Example commands to search for such suspicious requests in Apache or Nginx access logs:

  • grep -i 'mfn-icon-upload' /var/log/apache2/access.log | grep '\.\./'
  • grep -i 'mfn-icon-upload' /var/log/nginx/access.log | grep '\.\./'

Additionally, you can scan your WordPress installation for the Betheme version. Versions up to and including 28.4 are vulnerable, so verifying the theme version can help identify if your system is at risk.

To check the Betheme version, you can look into the style.css file inside the theme directory or use WP-CLI commands if available.

  • grep 'Version' wp-content/themes/betheme/style.css
  • wp theme list --status=active
Impact Analysis

This vulnerability allows attackers with contributor-level access or higher to delete or move arbitrary files on the server. This can lead to loss or tampering of important files, potentially disrupting website functionality or causing data loss. Since the attacker does not need high privileges, the risk is significant for sites that allow contributor-level users.

Mitigation Strategies

To mitigate the Arbitrary File Deletion vulnerability in the Betheme WordPress theme, you should immediately update the theme to version 28.4.1.1 or later, where this issue has been fixed.

Additionally, restrict contributor-level and higher user permissions carefully, as the vulnerability requires authenticated users with contributor-level access or above.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6262. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart