4 matches found
CVE-2021-4364
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearchaddjobimportschedulecall function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls...
CVE-2021-4364
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearchaddjobimportschedulecall function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls...
CVE-2021-4364
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearchaddjobimportschedulecall function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls...
JobSearch WP Job Board < 1.8.2 - Subscriber+ Add/Update Schedule Calls
The jobsearchaddjobimportschedulecall and jobsearchupdatejobimportschedulecall AJAx action o the plugin, available to any authenticated user do not have authorisation and CSRF check sin place, allowing users with a role as low as subscriber to call them...