CVE-2025-7733
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user-controlled key. This makes it possible for authenticated...
CVE-2025-7733
CVE-2025-7733 affects the WP JobHunt WordPress plugin (up to 7.7) via Insecure Direct Object Reference in the cs_update_application_status_callback, caused by missing validation on a user-controlled key. This allows authenticated users with Candidate-level access and above to send a site-generate...
CVE-2025-7374 WP JobHunt <= 7.6 Authenticated (Custom+) Authorization Bypass
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- a...
EUVD-2024-54066
Malicious code in bioql PyPI...
EUVD-2024-54063
Malicious code in bioql PyPI...
EUVD-2025-15498
Malicious code in bioql PyPI...
CVE-2025-6585
The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the cs_remove_profile_callback function due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-6585
The WP JobHunt WordPress plugin (versions up to 7.2) is affected by an Insecure Direct Object Reference through the cs_remove_profile_callback() function due to missing validation on a user-controlled key. This allows authenticated attackers with Subscriber-level access or higher to delete accoun...
CVE-2025-6585 WP JobHunt <= 7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Account Deletion
The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the cs_remove_profile_callback function due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Subscriber-level...
PT-2025-30378 · WordPress · Wp Jobhunt
Name of the Vulnerable Software and Affected Versions: WP JobHunt versions prior to 7.3 Description: The WP JobHunt plugin for WordPress is susceptible to an Insecure Direct Object Reference issue in all versions up to and including 7.2, specifically within the cs_remove_profile_callback function...
CVE-2025-39537
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blaze Concepts Better Customer List for WooCommerce (woo-better-customer-list) allows Reflected XSS. This issue affects Better Customer List for WooCommerce: from n/a through <= 1.2.3...
CVE-2025-39537 WordPress Better Customer List for WooCommerce Plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blaze Concepts Better Customer List for WooCommerce (woo-better-customer-list) allows Reflected XSS. This issue affects Better Customer List for WooCommerce: from n/a through <= 1.2.3...
CVE-2025-39537
CVE-2025-39537 is described as a reflected Cross-Site Scripting vulnerability in the WordPress plugin Blaze Concepts Better Customer List for WooCommerce (plugin slug woo-better-customer-list), affecting versions from n/a to <= 1.2.3. Connected sources also reference WP JobHunt under the same ...
PT-2025-21704 · WordPress · Chimpstudio Wp Jobhunt
Name of the Vulnerable Software and Affected Versions: Chimpstudio WP JobHunt versions n/a through 7.1 Description: The issue affects Chimpstudio WP JobHunt, allowing exploitation of incorrectly configured access control security levels through an Authorization Bypass Through User-Controlled Key...
WordPress WP JobHunt plugin wp_ajax_google_api_login_callback function authentication error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP JobHunt...
CVE-2024-11285
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the accountsettingscallback function. This...
CVE-2024-11286
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the csparserequest function. This makes it possible for unauthenticated...