Lucene search

WordfenceCVELIST:CVE-2021-4361

HistoryJun 07, 2023 - 1:51 a.m.

CVE-2021-4361

2023-06-0701:51:28

Wordfence

www.cve.org

cve-2021-4361

jobsearch

wordpress

authorization bypass

vulnerability

ajax action

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.5%

JSON

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options on the site.

CNA Affected

[
  {
    "vendor": "https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856",
    "product": "JobSearch WP Job Board",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.8.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability/

wpscan.com/vulnerability/a69aa52f-9876-4180-97a4-713459b43f24

www.wordfence.com/threat-intel/vulnerabilities/id/839a0cc0-a656-4107-a748-4ad85e950237?source=cve

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.5%

JSON

Related for CVELIST:CVE-2021-4361