3 matches found
WordPress JobCareer Plugin Information Disclosure (CVE-2018-19487)
An Information Disclosure vulnerability exists in JobCareer plugin. A remote authenticated attacker may exploit this vulnerability to enumerate information about users...
CVE-2018-19487
The CVE affects the WordPress WP-jobhunt plugin prior to version 2.4. The root cause is lack of access control for AJAX requests to cs_employer_ajax_profile() via admin-ajax.php, enabling remote unauthenticated attackers to enumerate user information. Practical impact is information disclosure ab...
JobCareer < 2.4.1 - User enumeration & Reset password
The theme used a vulnerable version of the WP-jobhunt plugin affected by the issues below: CVE-2018-19487: The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csemployerajaxprofile function through the admin-ajax.php file, which allows remote...