Recruitment Security Vulnerabilities

CVE-2024-1173

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.13.1 due to insufficient escaping on the user supplied parameter and lack of.....

7.2 CVSS

7.1 AI Score

0.001 EPSS

2024-05-02 05:15 PM
25

CVE-2024-0952

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of.....

7.2 CVSS

9.3 AI Score

0.0004 EPSS

2024-04-09 07:15 PM
34

CVE-2024-0913

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.12.9 due to insufficient...

7.2 CVSS

9.3 AI Score

0.0004 EPSS

2024-03-29 07:15 AM
32

CVE-2024-0956

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the erp/v1/accounting/v1/vendors/1/products/ REST route in all versions up to, and including, 1.12.9 due to...

7.2 CVSS

9.3 AI Score

0.0004 EPSS

2024-03-29 07:15 AM
27

CVE-2024-0608

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the 'email' parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and...

8.8 CVSS

9.3 AI Score

0.0004 EPSS

2024-03-29 07:15 AM
27

CVE-2024-0609

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output escaping....

7.2 CVSS

7.8 AI Score

0.0004 EPSS

2024-03-29 07:15 AM
29

CVE-2023-6843

The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress plugin before 2.4.7 does not properly secure some of its AJAX actions, allowing any logged-in users to modify its...

4.3 CVSS

4.6 AI Score

0.0004 EPSS

2024-01-15 04:15 PM
20

CVE-2024-21747

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting. This issue affects WP ERP | Complete HR solution with recruitment & job listings | WooCommerce...

7.6 CVSS

5.9 AI Score

0.0005 EPSS

2024-01-08 05:15 PM
15

CVE-2023-48288

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP. This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2023-12-21 02:15 PM
60

CVE-2023-29384

Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP. This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through...

10 CVSS

9.4 AI Score

0.001 EPSS

2023-12-20 07:15 PM
27

CVE-2020-36735

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handle_leave_calendar_filter,...

4.3 CVSS

4.2 AI Score

0.001 EPSS

2023-07-01 03:15 AM
14

CVE-2023-2744

The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as...

7.2 CVSS

7.1 AI Score

0.001 EPSS

2023-06-27 02:15 PM
21

CVE-2023-2743

The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

6.1 CVSS

6 AI Score

0.001 EPSS

2023-06-27 02:15 PM
19

CVE-2021-41931

The Company's Recruitment Management System in id=2 of the parameter from view_vacancy app on-page appears to be vulnerable to SQL injection. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were each submitted in the id parameter. These two requests resulted in different...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2021-11-17 12:15 PM
41

CVE-2014-1224

Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without "fixes from 2014-01-15" allows remote attackers to conduct cross-site scripting (XSS) attacks via the oninput event handler in the fname parameter to the default URI in...

5.9 AI Score

0.003 EPSS

2014-10-06 11:55 PM
20

CVE-2010-0758

SQL injection vulnerability in news_desc.php in Softbiz Jobs allows remote attackers to execute arbitrary SQL commands via the id...

8.7 AI Score

0.001 EPSS

2010-02-27 12:30 AM
20

CVE-2007-5316

SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid...

8.4 AI Score

0.003 EPSS

2007-10-09 09:17 PM
28

CVE-2005-4626

The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (MySQL database credentials) via a direct...

6.6 AI Score

0.004 EPSS

2006-01-06 11:00 AM
23

CVE-2004-2156

Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have unknown impact and attack...

7.2 AI Score

0.004 EPSS

2005-07-10 04:00 AM
21