Vulnerabilities > Mvpthemes > Zoxpress

DATE CVE VULNERABILITY TITLE RISK
2025-02-12 CVE-2024-13653 Missing Authorization vulnerability in Mvpthemes Zoxpress
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' function in all versions up to, and including, 2.12.0.
network
low complexity
mvpthemes CWE-862
8.8
8.8
2025-02-12 CVE-2024-13654 Missing Authorization vulnerability in Mvpthemes Zoxpress
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'reset_options' function in all versions up to, and including, 2.12.0.
network
low complexity
mvpthemes CWE-862
8.1
8.1