CVE-2024-13372 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Arbitrary Resume Download

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the getresumefiledownloadbyid and getallresumefiles functions due to missing validation on a us...

CVE-2024-13425 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the enforcedelete function due to missing validation on a user controlled key. This makes it...

CVE-2024-13429 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key. This makes it possib...

CVE-2024-13425

CVE-2024-13425 affects the WP Job Portal – A Complete Recruitment System for Company or Job Board website (WordPress plugin) up to version 2.2.6. The root cause is an Insecure Direct Object Reference via the enforcedelete() function due to missing validation on a user-controlled key, enabling an ...

CVE-2024-13429

CVE-2024-13429 is a WordPress WP Job Portal plugin vulnerability (versions up to 2.2.6) yielding an Insecure Direct Object Reference via the jobenforcedelete parameter. The core issue is missing validation on a user-controlled key, enabling an authenticated user with employer-level access and abo...

CVE-2024-13429 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key. This makes it possib...

CVE-2024-13425 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the enforcedelete function due to missing validation on a user controlled key. This makes it...

WordPress plugin WP Job Portal 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin WP Job Portal 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin WP Job Portal 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin WP Job Portal 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WP Job Portal plugin <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion vulnerability

Insecure Direct Object Reference to Authenticated Employer+ Arbitrary Company Deletion vulnerability discovered by thevietronin in WordPress Plugin WP Job Portal versions = 2.2.6...

CVE-2024-13694

The WooCommerce Wishlist High customization, fast setup,Free Elementor Wishlist, most features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the downloadpdffile function due to missing validation on a user controlled key. Th...

CVE-2024-13694 WooCommerce Wishlist <= 1.8.7 - Unauthenticated Wishlist Disclosure via download_pdf_file Function

The WooCommerce Wishlist High customization, fast setup,Free Elementor Wishlist, most features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the downloadpdffile function due to missing validation on a user controlled key. Th...

CVE-2024-13694

CVE-2024-13694 : The WooCommerce Wishlist plugin for WordPress (versions up to and including 1.8.7) is vulnerable to an insecure direct object reference via the download_pdf_file() function due to missing validation on a user-controlled key. This allows unauthenticated attackers to disclose wishl...

WordPress WooCommerce Wishlist plugin <= 1.8.7 - Unauthenticated IDOR via download_pdf_file Function vulnerability

Unauthenticated IDOR via downloadpdffile Function vulnerability discovered by Tim Coen in WordPress Plugin MC Woocommerce Wishlist versions = 1.8.7...

WordPress Event Tickets plugin <= 5.18.1 - Insecure Direct Object Reference to Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Sensitive Information Exposure vulnerability discovered by Whit Taylor in WordPress Plugin Event Tickets versions = 5.18.1...

CVE-2024-13457

The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view ord...

CVE-2024-13457 Event Tickets <= 5.18.1 - Insecure Direct Object Reference to Sensitive Information Exposure

The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view ord...

CVE-2024-13457

CVE-2024-13457 affects the WordPress plugin Event Tickets and Registration (WordPress Event Tickets) up to and including version 5.18.1 . The vulnerability is an Insecure Direct Object Reference via the tc-order-id parameter, arising from missing validation on a user-controlled key. This allows u...