← Back

Apusthemes

apusthemes

5 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Superio
superio
3 CVEs
Careerup
careerup
1 CVE
Wp Private Messaging
wp_private_messaging
1 CVE

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-12296
1Apusthemes
1Superio
Apr 8, 2026
Feb 12, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up...Show more
The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. NOTE: This vulnerability was partially fixed in version 2.4.Show less
CVE-2024-12213
1Apusthemes
1Superio
Apr 8, 2026
Feb 12, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to 2.3.16. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible...Show more
The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to 2.3.16. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on vulnerable sites. Please note that this may have been patched sooner, however, the oldest available version for us to confirm this is patched in was 1.2.85.Show less
CVE-2023-0453
1Apusthemes
1Wp Private Messaging
Mar 12, 2025
Feb 21, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any au...Show more
The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.Show less
CVE-2022-4114
1Apusthemes
1Superio
Apr 10, 2025
Jan 2, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Superio WordPress theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Cross-Site Scripting attacks.
CVE-2022-1167
1Apusthemes
1Careerup
Nov 21, 2024
Apr 4, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters.