105 matches found
CVE-2024-11285
CVE-2024-11285 (WP JobHunt
CVE-2024-11285 WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the accountsettingscallback function. This...
CVE-2024-11285 WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the accountsettingscallback function. This...
WordPress plugin WP JobHunt 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WP JobHunt...
WordPress plugin WP JobHunt 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin WP JobHunt 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2025-11233 · WordPress · Wp Jobhunt
Name of the Vulnerable Software and Affected Versions: WP JobHunt plugin for WordPress versions up to, and including, 6.9 Description: The issue is related to privilege escalation via account takeover. This is due to the plugin not properly validating a user's identity prior to updating their...
PT-2025-11234
Name of the Vulnerable Software and Affected Versions: WP JobHunt plugin for WordPress versions up to, and including, 7.1 Description: The issue is related to privilege escalation via account takeover. This occurs because the plugin does not properly validate a user's identity before updating the...
PT-2025-11235 · WordPress · Wp Jobhunt
Name of the Vulnerable Software and Affected Versions: WP JobHunt plugin for WordPress versions up to, and including, 7.1 Description: The issue is related to authentication bypass due to the plugin not properly verifying a user's identity prior to authenticating them through the cs parse request...
PT-2025-11232 · WordPress · Wp Jobhunt
Name of the Vulnerable Software and Affected Versions: WP JobHunt plugin for WordPress versions up to, and including, 7.1 Description: The issue is related to authentication bypass. This is due to the wp ajax google api login callback function not properly verifying a user's identity prior to...
WordPress plugin WP JobHunt 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress WP JobHunt plugin <= 7.1 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by Tonn in WordPress Plugin WP JobHunt versions = 7.1...
WordPress WP JobHunt plugin <= 7.1 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover vulnerability
Unauthenticated Privilege Escalation via Password Reset/Account Takeover vulnerability discovered by Tonn in WordPress Plugin WP JobHunt versions = 7.1...
WordPress WP JobHunt plugin <= 7.1 - Authentication Bypass to Candidate vulnerability
Authentication Bypass to Candidate vulnerability discovered by Tonn in WordPress Plugin WP JobHunt versions = 7.1...
CVE-2018-19488
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csresetpass function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account...
CVE-2018-19488
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csresetpass function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account...
CVE-2018-19487
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csemployerajaxprofile function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users...
CVE-2018-19487
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csemployerajaxprofile function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users...
Default credentials
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csresetpass function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account...
Code injection
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csemployerajaxprofile function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users...