9 matches found
WordPress JobCareer premium theme <= 3.4 - Multiple Cross-Site Scripting (XSS) vulnerabilities
Multiple Cross-Site Scripting (XSS) vulnerabilities found by Vlad Vector in WordPress JobCareer premium theme versions <= 3.4. Solution: Update the WordPress JobCareer premium theme to the latest available version (at least 3.5)...
JobCareer < 3.5 - Multiple Cross-Site Scripting (XSS)
Unauthenticated Reflected and Authenticated Persistent XSS vulnerabilities were discovered in the JobCareer theme through 3.4 for WordPress. Unauthenticated Reflected XSS - Vulnerable parameters: jobtitle, specialisms, location. Authenticated Persistent XSS on Employer Profile - «Complete Address...
WordPress JobCareer Plugin Authentication Bypass (CVE-2018-19488)
An authentication bypass vulnerability exists in JobCareer plugin. A remote authenticated attacker may exploit this vulnerability to reset the password of a user's account...
WordPress JobCareer Plugin Information Disclosure (CVE-2018-19487)
An Information Disclosure vulnerability exists in JobCareer plugin. A remote authenticated attacker may exploit this vulnerability to enumerate information about users...
Cross site scripting
The JobCareer theme before 2.5.1 for WordPress has stored XSS...
JobCareer < 2.5.1 - Authenticated Stored Cross-Site Scripting
Bad filtering of input field data has been discovered in the 'JobCareer | Job Board Responsive WordPress Theme'. http://jobcareer.chimpgroup.com/candidate/asdasdasdasdasd/ Register a new account on the demo website: http://jobcareer.chimpgroup.com/, then go to the «Resume» profile tab:...
JobCareer < 2.5.1 - Authenticated Stored Cross-Site Scripting
Bad filtering of input field data has been discovered in the 'JobCareer | Job Board Responsive WordPress Theme'. PoC: http://jobcareer.chimpgroup.com/candidate/asdasdasdasdasd/ Register a new account on the demo website: http://jobcareer.chimpgroup.com/, then go to the «Resume» profile tab:...
WordPress JobCareer premium theme <= 2.4 - User enumeration & Password Reset vulnerabilities
User enumeration & Password Reset vulnerabilities found by Anthony MAESTRE in WordPress JobCareer premium theme versions <= 2.4. Solution: Update the WordPress JobCareer premium theme to the latest available version (at least 2.4.1)...
JobCareer < 2.4.1 - User enumeration & Reset password
The theme used a vulnerable version of the WP-jobhunt plugin affected by the issues below: CVE-2018-19487: The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csemployerajaxprofile function through the admin-ajax.php file, which allows remote...