271 matches found
CVE-2024-11917 JobSearch WP Job Board <= 2.9.2 - Authentication Bypass via Social Logins
The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.9.2. This is due to improper configurations in the 'jobsearchxingresponsedatacallback', 'setaccesstokes', and 'googlecallback' functions. This makes it possible for...
PT-2025-17898 · WordPress · Jobsearch Wp Job Board
Name of the Vulnerable Software and Affected Versions: JobSearch WP Job Board plugin for WordPress versions prior to 2.8.9 Description: The issue is related to authentication bypass due to improper configurations in the jobsearch xing response data callback, set access tokes, and google callback...
WordPress plugin JobSearch WP Job Board 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin JobSearch ...
CVE-2021-4361
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearchjobintegrationssettinsave AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options on...
CVE-2024-43245
Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This issue affects JobSearch: from n/a through 2.3.4...
CVE-2024-43931
Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3...
CVE-2024-47394
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through = 2.5.9...
CVE-2024-47636
Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection.This issue affects JobSearch: from n/a through = 2.5.9...
CVE-2024-11925
The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the useraccountactivation function. This makes it possible f...
CVE-2024-8614
The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearchwphandleupload function in all versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-8615
The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearchlocationloadexcelfilecallback function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2024-11925
The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the useraccountactivation function. This makes it possible f...
CVE-2024-11925 WP JobSearch <= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation
The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the useraccountactivation function. This makes it possible f...
CVE-2024-11925
The CVE-2024-11925 entry describes an authentication bypass in the JobSearch WP Job Board WordPress plugin (versions up to and including 2.6.7). The flaw arises from improper validation of a user’s identity during email verification in the user_account_activation function, allowing unauthenticate...
CVE-2024-11925 WP JobSearch <= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation
The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the useraccountactivation function. This makes it possible f...
WordPress plugin JobSearch 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-17348 · WordPress · Jobsearch Wp Job Board
Name of the Vulnerable Software and Affected Versions: JobSearch WP Job Board plugin for WordPress versions up to 2.6.7 Description: The issue arises from the plugin not properly verifying a user's identity when verifying an email address through the user account activation function. This allows...
WordPress WP JobSearch plugin <= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation vulnerability
Authentication Bypass to Account Takeover and Privilege Escalation vulnerability discovered by Tonn in WordPress Plugin JobSearch versions = 2.6.7...
WordPress JobSearch Plugin <= 2.6.7 is vulnerable to Privilege Escalation
Software JobSearch Type Plugin Vulnerable versions = 2.6.7 Fixed in 2.6.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-11925 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 9f2540380ea8 Credits Tonn Required...
CVE-2024-8615
The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearchlocationloadexcelfilecallback function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary...