70 matches found
PT-2024-35322 · Astoundify · Astoundify Jobify - Job Board Wordpress Theme
Name of the Vulnerable Software and Affected Versions: Astoundify Jobify - Job Board WordPress Theme versions through 4.2.3. Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a Path Traversal vulnerability. This allows Relative Path...
WordPress Jobify theme < 4.3.0 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Theme Jobify versions < 4.3.0...
WordPress Jobify plugin < 4.3.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Theme Jobify versions < 4.3.0...
WordPress Jobify plugin < 4.3.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Theme Jobify versions < 4.3.0...
WordPress Jobify theme < 4.3.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Theme Jobify versions < 4.3.0...
WordPress Jobify - Job Board WordPress Theme Theme <= 4.2.3 is vulnerable to Arbitrary File Download
Software: Jobify - Job Board WordPress Theme; Type: Theme; Vulnerable versions: <= 4.2.3; Fixed in: N/A; OWASP Top 10: A5: Security Misconfiguration; Classification: Arbitrary File Download; CVE: CVE-2024-52481; Patch priority: High; CVSS severity: High 7.5; PSID: d63150ac42f8; Credits: Anand...
WordPress Jobify - Job Board WordPress Theme Theme <= 4.2.3 is vulnerable to Cross Site Scripting (XSS)
Software: Jobify - Job Board WordPress Theme; Type: Theme; Vulnerable versions: <= 4.2.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-52478; Patch priority: Low; CVSS severity: Low 6.5; PSID: 1dc3663080eb; Credits: Ananda Dhakal Patchsta...
WordPress Jobify - Job Board WordPress Theme Theme <= 4.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Jobify - Job Board WordPress Theme; Type: Theme; Vulnerable versions: <= 4.2.3; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-52479; Patch priority: Low; CVSS severity: Low 4.3; PSID: 92f47144acd3; Credits...
WordPress Jobify - Job Board WordPress Theme Theme <= 4.2.3 is vulnerable to Broken Access Control
Software: Jobify - Job Board WordPress Theme; Type: Theme; Vulnerable versions: <= 4.2.3; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-52480; Patch priority: Low; CVSS severity: Low 5.3; PSID: f5223c9ba0e9; Credits: Ananda Dhakal...
Jobify: Occasional jobs - Base64 encoded String, External URLs, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application Jobify: Occasional jobs published at the 'play' market has multiple vulnerabilities...