Search criteria
6 vulnerabilities found for superio by apusthemes
CVE-2024-12296 (GCVE-0-2024-12296)
Vulnerability from nvd – Published: 2025-02-12 09:22 – Updated: 2025-02-12 16:07
VLAI?
Title
Apus Framework <= 2.3 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options
Summary
The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Severity ?
8.8 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ApusTheme | Apus Framework |
Affected:
* , ≤ 2.3
(semver)
|
Credits
Tonn
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T14:56:49.754163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:07:44.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apus Framework",
"vendor": "ApusTheme",
"versions": [
{
"lessThanOrEqual": "2.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tonn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the \u0027import_page_options\u0027 function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T09:22:52.542Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dda2c437-8f41-480a-8816-2c07ab0eafa7?source=cve"
},
{
"url": "https://themeforest.net/item/superio-job-board-wordpress-theme/32180231"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-06T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-02-11T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Apus Framework \u003c= 2.3 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-12296",
"datePublished": "2025-02-12T09:22:52.542Z",
"dateReserved": "2024-12-06T03:20:45.650Z",
"dateUpdated": "2025-02-12T16:07:44.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12213 (GCVE-0-2024-12213)
Vulnerability from nvd – Published: 2025-02-12 09:22 – Updated: 2025-02-12 16:08
VLAI?
Title
WP Job Board Pro <= 1.2.76 - Unauthenticated Privilege Escalation via process_register
Summary
The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.76. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on vulnerable sites.
Severity ?
9.8 (Critical)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| http://apusthemes.com/ | WP Job Board Pro |
Affected:
* , ≤ 1.2.76
(semver)
|
Credits
Friderika Baranyai
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T14:58:04.093652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:08:13.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Job Board Pro",
"vendor": "http://apusthemes.com/",
"versions": [
{
"lessThanOrEqual": "1.2.76",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Friderika Baranyai"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.76. This is due to the plugin allowing a user to supply the \u0027role\u0027 field when registering. This makes it possible for unauthenticated attackers to register as an administrator on vulnerable sites."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T09:22:49.896Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7cdfce88-b6c2-4820-9d6f-446f61b9b596?source=cve"
},
{
"url": "https://themeforest.net/item/superio-job-board-wordpress-theme/32180231"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-05T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-02-11T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "WP Job Board Pro \u003c= 1.2.76 - Unauthenticated Privilege Escalation via process_register"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-12213",
"datePublished": "2025-02-12T09:22:49.896Z",
"dateReserved": "2024-12-04T21:16:33.871Z",
"dateUpdated": "2025-02-12T16:08:13.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4114 (GCVE-0-2022-4114)
Vulnerability from nvd – Published: 2023-01-02 21:49 – Updated: 2025-04-10 18:51
VLAI?
Title
Superio - Job Board < 1.2.33 - Subscriber+ Stored Cross-Site Scripting
Summary
The Superio WordPress theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Cross-Site Scripting attacks.
Severity ?
5.4 (Medium)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Veshraj Ghimire
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/7569f4ac-05c9-43c9-95e0-5cc360524bbd"
},
{
"tags": [
"x_transferred"
],
"url": "https://themeforest.net/item/superio-job-board-wordpress-theme/32180231"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4114",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T18:50:28.479395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T18:51:03.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Superio",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.33",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Veshraj Ghimire"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Superio WordPress theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Cross-Site Scripting attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T09:08:46.097Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/7569f4ac-05c9-43c9-95e0-5cc360524bbd"
},
{
"url": "https://themeforest.net/item/superio-job-board-wordpress-theme/32180231"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Superio - Job Board \u003c 1.2.33 - Subscriber+ Stored Cross-Site Scripting",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-4114",
"datePublished": "2023-01-02T21:49:27.563Z",
"dateReserved": "2022-11-22T07:01:33.817Z",
"dateUpdated": "2025-04-10T18:51:03.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12296 (GCVE-0-2024-12296)
Vulnerability from cvelistv5 – Published: 2025-02-12 09:22 – Updated: 2025-02-12 16:07
VLAI?
Title
Apus Framework <= 2.3 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options
Summary
The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Severity ?
8.8 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ApusTheme | Apus Framework |
Affected:
* , ≤ 2.3
(semver)
|
Credits
Tonn
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T14:56:49.754163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:07:44.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apus Framework",
"vendor": "ApusTheme",
"versions": [
{
"lessThanOrEqual": "2.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tonn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the \u0027import_page_options\u0027 function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T09:22:52.542Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dda2c437-8f41-480a-8816-2c07ab0eafa7?source=cve"
},
{
"url": "https://themeforest.net/item/superio-job-board-wordpress-theme/32180231"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-06T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-02-11T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Apus Framework \u003c= 2.3 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-12296",
"datePublished": "2025-02-12T09:22:52.542Z",
"dateReserved": "2024-12-06T03:20:45.650Z",
"dateUpdated": "2025-02-12T16:07:44.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12213 (GCVE-0-2024-12213)
Vulnerability from cvelistv5 – Published: 2025-02-12 09:22 – Updated: 2025-02-12 16:08
VLAI?
Title
WP Job Board Pro <= 1.2.76 - Unauthenticated Privilege Escalation via process_register
Summary
The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.76. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on vulnerable sites.
Severity ?
9.8 (Critical)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| http://apusthemes.com/ | WP Job Board Pro |
Affected:
* , ≤ 1.2.76
(semver)
|
Credits
Friderika Baranyai
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T14:58:04.093652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:08:13.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Job Board Pro",
"vendor": "http://apusthemes.com/",
"versions": [
{
"lessThanOrEqual": "1.2.76",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Friderika Baranyai"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.76. This is due to the plugin allowing a user to supply the \u0027role\u0027 field when registering. This makes it possible for unauthenticated attackers to register as an administrator on vulnerable sites."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T09:22:49.896Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7cdfce88-b6c2-4820-9d6f-446f61b9b596?source=cve"
},
{
"url": "https://themeforest.net/item/superio-job-board-wordpress-theme/32180231"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-05T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-02-11T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "WP Job Board Pro \u003c= 1.2.76 - Unauthenticated Privilege Escalation via process_register"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-12213",
"datePublished": "2025-02-12T09:22:49.896Z",
"dateReserved": "2024-12-04T21:16:33.871Z",
"dateUpdated": "2025-02-12T16:08:13.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4114 (GCVE-0-2022-4114)
Vulnerability from cvelistv5 – Published: 2023-01-02 21:49 – Updated: 2025-04-10 18:51
VLAI?
Title
Superio - Job Board < 1.2.33 - Subscriber+ Stored Cross-Site Scripting
Summary
The Superio WordPress theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Cross-Site Scripting attacks.
Severity ?
5.4 (Medium)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Veshraj Ghimire
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/7569f4ac-05c9-43c9-95e0-5cc360524bbd"
},
{
"tags": [
"x_transferred"
],
"url": "https://themeforest.net/item/superio-job-board-wordpress-theme/32180231"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4114",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T18:50:28.479395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T18:51:03.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Superio",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.33",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Veshraj Ghimire"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Superio WordPress theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Cross-Site Scripting attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T09:08:46.097Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/7569f4ac-05c9-43c9-95e0-5cc360524bbd"
},
{
"url": "https://themeforest.net/item/superio-job-board-wordpress-theme/32180231"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Superio - Job Board \u003c 1.2.33 - Subscriber+ Stored Cross-Site Scripting",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-4114",
"datePublished": "2023-01-02T21:49:27.563Z",
"dateReserved": "2022-11-22T07:01:33.817Z",
"dateUpdated": "2025-04-10T18:51:03.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}