Lucene search
K

271 matches found

Vulnrichment
Vulnrichment
added 2025/04/25 11:12 a.m.12 views

CVE-2024-11917 JobSearch WP Job Board <= 2.9.2 - Authentication Bypass via Social Logins

The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.9.2. This is due to improper configurations in the 'jobsearchxingresponsedatacallback', 'setaccesstokes', and 'googlecallback' functions. This makes it possible for...

8.1CVSS8.1AI score0.00448EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/25 12:0 a.m.6 views

PT-2025-17898 · WordPress · Jobsearch Wp Job Board

Name of the Vulnerable Software and Affected Versions: JobSearch WP Job Board plugin for WordPress versions prior to 2.8.9 Description: The issue is related to authentication bypass due to improper configurations in the jobsearch xing response data callback, set access tokes, and google callback...

8.1CVSS8.7AI score0.00448EPSS
Exploits0References11
CNNVD
CNNVD
added 2025/04/25 12:0 a.m.6 views

WordPress plugin JobSearch WP Job Board 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin JobSearch ...

8.1CVSS8.4AI score0.00448EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/06 4:24 a.m.11 views

CVE-2021-4361

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearchjobintegrationssettinsave AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options on...

8.8CVSS6.6AI score0.01206EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:37 p.m.9 views

CVE-2024-43245

Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This issue affects JobSearch: from n/a through 2.3.4...

9.8CVSS6.8AI score0.00473EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 12:33 p.m.12 views

CVE-2024-43931

Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3...

9.8CVSS6.8AI score0.00523EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 8:32 a.m.7 views

CVE-2024-47394

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through = 2.5.9...

7.1CVSS5.9AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:21 a.m.9 views

CVE-2024-47636

Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection.This issue affects JobSearch: from n/a through = 2.5.9...

9.8CVSS5.9AI score0.00543EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:36 a.m.10 views

CVE-2024-11925

The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the useraccountactivation function. This makes it possible f...

9.8CVSS7AI score0.00634EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 10:43 p.m.11 views

CVE-2024-8614

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearchwphandleupload function in all versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with subscriber-level access and...

9.9CVSS7.7AI score0.00764EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 10:29 p.m.10 views

CVE-2024-8615

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearchlocationloadexcelfilecallback function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary...

10CVSS8AI score0.00829EPSS
Exploits0References1
NVD
NVD
added 2024/11/28 7:15 a.m.21 views

CVE-2024-11925

The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the useraccountactivation function. This makes it possible f...

9.8CVSS0.00634EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/28 7:14 a.m.22 views

CVE-2024-11925 WP JobSearch <= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation

The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the useraccountactivation function. This makes it possible f...

9.8CVSS9.6AI score0.00634EPSS
Exploits0References2
CVE
CVE
added 2024/11/28 7:14 a.m.72 views

CVE-2024-11925

The CVE-2024-11925 entry describes an authentication bypass in the JobSearch WP Job Board WordPress plugin (versions up to and including 2.6.7). The flaw arises from improper validation of a user’s identity during email verification in the user_account_activation function, allowing unauthenticate...

9.8CVSS9.6AI score0.00634EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/28 7:14 a.m.27 views

CVE-2024-11925 WP JobSearch <= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation

The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the useraccountactivation function. This makes it possible f...

9.8CVSS0.00634EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/28 12:0 a.m.5 views

WordPress plugin JobSearch 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS8.5AI score0.00634EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/28 12:0 a.m.6 views

PT-2024-17348 · WordPress · Jobsearch Wp Job Board

Name of the Vulnerable Software and Affected Versions: JobSearch WP Job Board plugin for WordPress versions up to 2.6.7 Description: The issue arises from the plugin not properly verifying a user's identity when verifying an email address through the user account activation function. This allows...

9.8CVSS7.3AI score0.00634EPSS
Exploits0References8
Patchstack
Patchstack
added 2024/11/27 10:9 p.m.7 views

WordPress WP JobSearch plugin <= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation vulnerability

Authentication Bypass to Account Takeover and Privilege Escalation vulnerability discovered by Tonn in WordPress Plugin JobSearch versions = 2.6.7...

9.8CVSS7AI score0.00634EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/27 12:0 a.m.22 views

WordPress JobSearch Plugin <= 2.6.7 is vulnerable to Privilege Escalation

Software JobSearch Type Plugin Vulnerable versions = 2.6.7 Fixed in 2.6.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-11925 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 9f2540380ea8 Credits Tonn Required...

9.8CVSS6.5AI score0.00634EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/11/06 9:15 a.m.3 views

CVE-2024-8615

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearchlocationloadexcelfilecallback function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS7.9AI score0.00829EPSS
Exploits0References2
Rows per page
Query Builder