Vulnerabilities > Apusthemes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-12 | CVE-2024-12213 | Incorrect Privilege Assignment vulnerability in Apusthemes Superio The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.76. | 9.8 |
| 2025-02-12 | CVE-2024-12296 | Missing Authorization vulnerability in Apusthemes Superio The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.3. | 8.8 |
| 2023-02-21 | CVE-2023-0453 | Unspecified vulnerability in Apusthemes WP Private Messaging The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. | 4.3 |
| 2023-01-02 | CVE-2022-4114 | Unspecified vulnerability in Apusthemes Superio The Superio WordPress theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Cross-Site Scripting attacks. | 5.4 |
| 2022-04-04 | CVE-2022-1167 | Cross-site Scripting vulnerability in Apusthemes Careerup There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters. | 6.1 |