11 matches found
PT-2026-39656
HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...
CVE-2025-7782
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'cs_update_application_status_callback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers,...
EUVD-2025-204641
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user controlled key. This makes it possible for authenticated...
CVE-2025-7782 WP JobHunt <= 7.7 - Missing Authorization to Authenticated (Candidate+) Stored Cross-Site Scripting via 'status'
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'cs_update_application_status_callback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers,...
CVE-2025-7782
CVE-2025-7782 affects the WP JobHunt plugin for WordPress (used by the JobCareer theme). Root cause: a missing capability check in cs_update_application_status_callback affects all versions up to 7.7, enabling authenticated attackers with Candidate+ privileges to modify data and inject cross-site...
PT-2025-52551
Name of the Vulnerable Software and Affected Versions: WP JobHunt plugin for WordPress versions prior to 7.8. Description: The WP JobHunt plugin for WordPress is susceptible to unauthorized data modification. A missing capability check within the cs_update_application_status_callback function allows...
CVE-2025-7374 WP JobHunt <= 7.6 Authenticated (Custom+) Authorization Bypass
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- a...
CVE-2025-7374
CVE-2025-7374 affects the WordPress plugin WP JobHunt (versions up to and including 7.6). The vulnerability is an authorization bypass caused by insufficient login restrictions on inactive and pending accounts, allowing authenticated users with Candidate- or Employer-level access and above to log...
PT-2025-41558
Name of the Vulnerable Software and Affected Versions: WP JobHunt plugin for WordPress versions prior to 7.7. Description: The WP JobHunt plugin for WordPress, used by the JobCareer theme, has a flaw that allows malicious code to be stored and executed when a user views an affected page. This is due...
PT-2025-41557
Name of the Vulnerable Software and Affected Versions: WP JobHunt plugin for WordPress versions prior to 7.7. Description: The WP JobHunt plugin for WordPress, used with the JobCareer theme, has a flaw that allows authorized users with Candidate- or Employer-level access, or higher, to log in even i...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...