Lucene search
K

6 matches found

CVE
CVE
added 2025/10/10 11:17 a.m.18 views

CVE-2025-7374

CVE-2025-7374 affects the WordPress plugin WP JobHunt (versions up to and including 7.6). The vulnerability is an authorization bypass caused by insufficient login restrictions on inactive and pending accounts, allowing authenticated users with Candidate- or Employer-level access and above to log...

5.4CVSS5.8AI score0.00179EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/10 11:17 a.m.1 views

CVE-2025-7374 WP JobHunt <= 7.6 Authenticated (Custom+) Authorization Bypass

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- a...

5.4CVSS5.8AI score0.00179EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/10 12:0 a.m.4 views

PT-2025-41557

Name of the Vulnerable Software and Affected Versions WP JobHunt plugin for WordPress versions prior to 7.7 Description The WP JobHunt plugin for WordPress, used with the JobCareer theme, has a flaw that allows authorized users with Candidate- or Employer-level access, or higher, to log in even i...

5.4CVSS6.6AI score0.00179EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-51593

Malicious code in bioql PyPI...

4.3CVSS9.2AI score0.00342EPSS
Exploits0References2
OSV
OSV
added 2025/02/01 8:15 a.m.4 views

CVE-2024-13429

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key. This makes it possib...

4.3CVSS5.9AI score0.00342EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/01 7:21 a.m.8 views

CVE-2024-13429 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key. This makes it possib...

4.3CVSS4.5AI score0.00342EPSS
Exploits0References2
Rows per page
Query Builder