12 matches found
CVE-2025-62025
CVE-2025-62025 is a PHP Object Injection vulnerability affecting the WordPress plugin JobSearch WP Job Board (versions earlier than 3.0.8). The connected sources identify an unauthenticated PHP Object Injection in JobSearch
CVE-2025-49978 WordPress JobSearch plugin < 3.0.6 - Insecure Direct Object References (IDOR) Vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in eyecix JobSearch wp-jobsearch allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobSearch: from n/a through 3.0.6...
CVE-2025-49978
CVE-2025-49978 describes an Insecure Direct Object References (IDOR) vulnerability in the WordPress JobSearch plugin (WP Job Board) versions n/a through 2.9.0. The issue is an Authorization Bypass Through User-Controlled Key, enabling bypass of access controls for certain resources. This is supp...
WordPress JobSearch WP Job Board plugin <= 2.8.8 - Authentication Bypass via Social Logins vulnerability
Authentication Bypass via Social Logins vulnerability discovered by Foxyyy in WordPress Plugin JobSearch versions <= 2.8.8...
WordPress JobSearch Plugin <= 2.6.7 is vulnerable to Arbitrary File Upload
Software JobSearch Type Plugin Vulnerable versions <= 2.6.7 Fixed in 2.6.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-8614 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID d16b486be3a5 Credits Tonn Required privilege Subscriber Published 5...
WordPress JobSearch Plugin <= 2.6.7 is vulnerable to Arbitrary File Upload
Software JobSearch Type Plugin Vulnerable versions <= 2.6.7 Fixed in 2.6.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-8615 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 46ee6cd9f962 Credits Tonn Required privilege Unauthenticated Publish...
WordPress JobSearch Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS)
Software JobSearch Type Plugin Vulnerable versions <= 2.5.9 Fixed in 2.6.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47394 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2995ae22faae Credits Bonds Required privilege Unauthenticat...
WordPress JobSearch Plugin <= 2.5.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software JobSearch Type Plugin Vulnerable versions <= 2.5.3 Fixed in 2.5.4 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43930 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6846b218a959 Credits Ananda Dhakal Patchstack...
WordPress JobSearch Plugin <= 2.5.4 is vulnerable to Broken Access Control
Software JobSearch Type Plugin Vulnerable versions <= 2.5.4 Fixed in 2.5.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43929 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c7bad1c217a2 Credits Ananda Dhakal Patchstack...
WordPress JobSearch Plugin <= 2.3.4 is vulnerable to Privilege Escalation
Software JobSearch Type Plugin Vulnerable versions <= 2.3.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-43245 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID dba18ffc45d3 Credits Dave Jong Patchstack Required...
PT-2024-15015 · WordPress · Wp Jobsearch
Name of the Vulnerable Software and Affected Versions: WP JobSearch WordPress plugin versions prior to 2.3.4 Description: The issue allows unauthenticated attackers to upload arbitrary files, such as PHP files, to the server due to a lack of file validation for uploads. This could potentially lea...
WordPress JobSearch Plugin < 2.3.4 is vulnerable to Broken Authentication
Software JobSearch Type Plugin Vulnerable versions < 2.3.4 Fixed in 2.3.4 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2023-6584 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f4a18b4236e5 Credits Marc Montpas...