WordPress WP JobHunt plugin <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover vulnerability

Unauthenticated Privilege Escalation via Email Update/Account Takeover vulnerability discovered by Tonn in WordPress Plugin WP JobHunt versions = 7.1...

WordPress WP JobHunt plugin <= 7.7 - Authenticated (Candidate+) Insecure Direct Object Reference vulnerability

Authenticated Candidate+ Insecure Direct Object Reference vulnerability discovered by meghnine islem - CYBEARS in WordPress Plugin WP JobHunt versions = 7.7...

WordPress WP JobHunt plugin <= 7.7 - Missing Authorization to Authenticated (Candidate+) Stored Cross-Site Scripting via 'status' vulnerability

Missing Authorization to Authenticated Candidate+ Stored Cross-Site Scripting via 'status' vulnerability discovered by meghnine islem - CYBEARS in WordPress Plugin WP JobHunt versions = 7.7...

CVE-2025-7782

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'csupdateapplicationstatuscallback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers,...

CVE-2025-7733

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'csupdateapplicationstatuscallback' due to missing validation on a user controlled key. This makes it possible for authenticated...

CVE-2025-7782

CVE-2025-7782 affects the WP JobHunt plugin for WordPress (used by the JobCareer theme). Root cause: a missing capability check in cs_update_application_status_callback affects all versions up to 7.7, enabling authenticated attackers with Candidate+ privileges to modify data and inject cross-site...

CVE-2025-7733 WP JobHunt <= 7.7 - Authenticated (Candidate+) Insecure Direct Object Reference

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'csupdateapplicationstatuscallback' due to missing validation on a user controlled key. This makes it possible for authenticated...

PT-2025-52551

Name of the Vulnerable Software and Affected Versions WP JobHunt plugin for WordPress versions prior to 7.8 Description The WP JobHunt plugin for WordPress is susceptible to unauthorized data modification. A missing capability check within the cs update application status callback function allows...

PT-2025-52550

Name of the Vulnerable Software and Affected Versions WP JobHunt plugin for WordPress versions prior to 7.8 Description The WP JobHunt plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This affects versions up to and including 7.7, stemming from a lack of validatio...

WordPress plugin WP JobHunt 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin WP JobHunt 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

CVE-2025-7374

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- a...

EUVD-2025-33709

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- a...

CVE-2025-7781

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Stored Cross-Site Scripting via the ‘csjobtitle’ parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2025-7374 WP JobHunt <= 7.6 Authenticated (Custom+) Authorization Bypass

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- a...

CVE-2025-7781 WP JobHunt <= 7.6 - Authenticated (Candidate+) Stored Cross-Site Scripting via ‘cs_job_title’

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Stored Cross-Site Scripting via the ‘csjobtitle’ parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2025-7781 WP JobHunt <= 7.6 - Authenticated (Candidate+) Stored Cross-Site Scripting via ‘cs_job_title’

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Stored Cross-Site Scripting via the ‘csjobtitle’ parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2025-7781

CVE-2025-7781 affects WP JobHunt (WordPress plugin) up to version 7.6, with a Stored Cross-Site Scripting via the cs_job_title parameter due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Candidate level or higher, and the vulnerability can c...

WordPress plugin WP JobHunt 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-41558

Name of the Vulnerable Software and Affected Versions WP JobHunt plugin for WordPress versions prior to 7.7 Description The WP JobHunt plugin for WordPress, used by the JobCareer theme, has a flaw that allows malicious code to be stored and executed when a user views an affected page. This is due...