Lucene search
K

5 matches found

Circl
Circl
added 2025/02/01 8:15 a.m.12 views

CVE-2024-13428

creationtimestamp| type| source ---|---|--- 2025-02-01 08:15:42+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lh433xo7g52n 2025-02-01 09:26:02+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/3744 2025-02-01 09:47:51+00:00| seen|...

5.3CVSS7.3AI score0.00387EPSS
Exploits0References5
NVD
NVD
added 2025/02/01 8:15 a.m.28 views

CVE-2024-13428

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the deleteCompanyLogo due to missing validation on a user controlled key. This makes it possibl...

5.3CVSS0.00387EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/01 7:21 a.m.22 views

CVE-2024-13428 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the deleteCompanyLogo due to missing validation on a user controlled key. This makes it possibl...

5.3CVSS0.00387EPSS
Exploits0References2
CVE
CVE
added 2025/02/01 7:21 a.m.61 views

CVE-2024-13428

CVE-2024-13428 affects the WordPress plugin WP Job Portal (≤ v2.2.6) and is caused by an insecure direct object reference in the deleteCompanyLogo() function, allowing unauthenticated attackers to delete arbitrary company logos. The issue arises from missing validation on a user-controlled key. I...

5.3CVSS5.3AI score0.00387EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/01 7:21 a.m.9 views

CVE-2024-13428 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the deleteCompanyLogo due to missing validation on a user controlled key. This makes it possibl...

5.3CVSS5.3AI score0.00387EPSS
Exploits0References2
Rows per page
Query Builder