EUVD-2024-51706

Malicious code in bioql PyPI...

CVE-2024-13654

The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'resetoptions' function in all versions up to, and including, 2.12.0. This makes it possible for...

CVE-2024-13653

The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backupoptions' and 'restoreoptions' functions in all versions up to, and including, 2.12.0. Thi...

CVE-2024-13654

The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'resetoptions' function in all versions up to, and including, 2.12.0. This makes it possible for...

CVE-2024-13654

CVE-2024-13654 concerns the WordPress theme ZoxPress (

CVE-2024-13654 ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Deletion

The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'resetoptions' function in all versions up to, and including, 2.12.0. This makes it possible for...

CVE-2024-13653 ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backupoptions' and 'restoreoptions' functions in all versions up to, and including, 2.12.0. Thi...

CVE-2024-13653

CVE-2024-13653 affects ZoxPress (WordPress Theme) versions up to 2.12.0. A missing capability check in the backup_options function allows authenticated attackers with Subscriber-level access or higher to modify arbitrary options, enabling potential privilege escalation (e.g., changing the default...

CVE-2024-13653 ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backupoptions' function in all versions up to, and including, 2.12.0. This makes it possible fo...

PT-2025-6436 · Zoxpress +1 · Zoxpress +1

Name of the Vulnerable Software and Affected Versions: The ZoxPress - The All-In-One WordPress News Theme versions up to, and including, 2.12.0 Description: The issue allows unauthorized modification of data, leading to privilege escalation due to a missing capability check on the backup options...