Filtered by vendor Apusthemes Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-0453 1 Apusthemes 1 Wp Private Messaging 2024-11-21 4.3 Medium
The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.
CVE-2022-4114 1 Apusthemes 1 Superio 2024-11-21 5.4 Medium
The Superio WordPress theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Cross-Site Scripting attacks.
CVE-2022-1167 1 Apusthemes 1 Careerup 2024-11-21 6.1 Medium
There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters.