24 matches found
CVE-2026-23806
Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Jobs for WordPress: from n/a through <= 2.8...
CVE-2026-23806
CVE-2026-23806 corresponds to a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin Jobs for WordPress, affecting versions through 2.8. The issue arises from incorrectly configured access control security levels, potentially enabling unauthorized access or actions ...
PT-2026-27841
Name of the Vulnerable Software and Affected Versions: Jobs for WordPress versions through 2.8 Description: An authorization issue exists in BlueGlass Interactive AG Jobs for WordPress job postings. This allows exploitation of incorrectly configured access control security levels. Recommendations...
CVE-2026-24036
Horilla is a free and open source Human Resource Management System (HRMS). Versions 1.4.0 and above expose unpublished job postings through the /recruitment/recruitment-details// endpoint without authentication. The response includes draft job titles, descriptions and application link allowing...
CVE-2026-24036
Horilla HRMS (versions 1.4.0 and above) exposes unpublished job postings via the unauthenticated /recruitment/recruitment-details// endpoint. The underlying issue allows viewing draft job titles, descriptions, and application links, revealing internal hiring information and potentially causing ca...
EUVD-2025-205238
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Stored XSS. This issue affects Jobs for WordPress: from n/a through <= 2.7.17...
CVE-2025-68597
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Stored XSS. This issue affects Jobs for WordPress: from n/a through <= 2.8.1...
CVE-2024-10105
The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2024-10105
The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2024-10105
The CVE-2024-10105 issue affects the WordPress Job Postings plugin (versions prior to 2.7.11). The root cause is inadequate sanitisation and escaping of certain plugin settings, enabling Stored XSS by high-privilege users (e.g., contributors) even when unfiltered_html is disallowed, including mul...
CVE-2024-10105 Jobs for WordPress < 2.7.11 - Contributor+ Stored XSS
The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
PT-2025-12738 · WordPress · Job Postings
Name of the Vulnerable Software and Affected Versions: Job Postings WordPress plugin versions prior to 2.7.11 Description: The issue allows high privilege users, such as contributors, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise an...
WordPress plugin Job Postings security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...
We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders
I have written about the dreaded "cybersecurity skills gap" more times than I can remember in this newsletter, but I feel like it's time to revisit this topic again. That's because the White House announced a new initiative last week for the U.S. government called the "Service for America"...
Hookup site targeted by typo-squatters
Ethical hacker and security researcher Kody Kinzie shared with BleepingComputer a list of over 50 domains of which many are spelling variations of the brand name Sniffies. Sniffies identifies itself as a "modern, map-based, meetup app for gay, bi, and curious guys." Kody used an open source tool...
A week in security (January 31 – February 6)
Last week on Malwarebytes Labs: Threat actor steals email with Zimbra zero-day; FBI warns of bogus job postings on recruitment sites; Investment scams are on the rise; A worrying Etsy listing reveals the stalking potential of Apple’s AirTags; Beware bogus OperaGX sponsorship offers; $320 million stol...
Cross-site Scripting Vulnerability in DSCms Enterprise Content Management System v1.3
DSCms enterprise station content management system is an enterprise website system launched by Changsha Desha Network Technology Co. DSCms Enterprise Content Management System v1.3 suffers from a cross-site scripting vulnerability, which stems from the failure to filter user-submitted job postings...
WordPress Resume Submissions & Job Postings 2.5.1 - Unrestricted File Upload
No description provided by source. Exploit Title: WordPress Resume Submissions & Job Postings v2.5.1 Unrestricted File Upload Date: 7/9/12 Exploit Author: Chris Kellum Vendor Homepage: http://www.geerservices.com/ Software Link:...
WordPress Resume Submissions / Job Postings 2.5.1 Shell Upload
Exploit Title: WordPress Resume Submissions & Job Postings v2.5.1 Unrestricted File Upload Date: 7/9/12 Exploit Author: Chris Kellum Vendor Homepage: http://www.geerservices.com/ Software Link: http://downloads.wordpress.org/plugin/resume-submissions-job-postings.2.5.1.zip Version: 2.5.1...
WordPress Resume Submissions & Job Postings v2.5.1 Unrestricted File Upload
Exploit for php platform in category web applications Exploit Title: WordPress Resume Submissions & Job Postings v2.5.1 Unrestricted File Upload Date: 7/9/12 Exploit Author: Chris Kellum Vendor Homepage: http://www.geerservices.com/ Software Link:...