16 matches found
CVE-2025-62025 WordPress JobSearch plugin < 3.0.8 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch.This issue affects JobSearch: from n/a through 3.0.8...
CVE-2023-6585
The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...
CVE-2023-6584
The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address...
CVE-2021-24421
The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue...
CVE-2024-8615 WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload
The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearchlocationloadexcelfilecallback function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2024-47636 WordPress WP JobSearch plugin <= 2.5.9 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection.This issue affects JobSearch: from n/a through = 2.5.9...
CVE-2024-47394 WordPress WP JobSearch plugin <= 2.5.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through = 2.5.9...
CVE-2024-47394 WordPress WP JobSearch plugin <= 2.5.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through = 2.5.9...
CVE-2023-6584
CVE-2023-6584 affects the WP JobSearch WordPress plugin up to version 2.3.3 (pre-2.3.4). The vulnerability allows unauthenticated attackers to log in as any user by knowing that user’s email address, effectively bypassing authentication. The root cause is described in multiple sources as an authe...
CVE-2023-6584 JobSearch WP Job Board < 2.3.4 - Authentication Bypass
The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address...
CVE-2023-6585
The CVE-2023-6585 issue affects the WP JobSearch WordPress plugin prior to version 2.3.4. The vulnerability stems from inadequate validation of uploaded files, allowing unauthenticated attackers to upload arbitrary files (e.g., PHP) to the server, potentially enabling remote code execution. The i...
CVE-2023-6585 JobSearch WP Job Board < 2.3.4 - Arbitrary File Upload to RCE
The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...
CVE-2022-1168
The connected Nuclei template confirms a Cross-Site Scripting (XSS) vulnerability in WordPress WP JobSearch plugin versions prior to 1.5.1. The flaw allows an attacker to inject arbitrary JavaScript in the victim’s browser within the context of the affected site, potentially stealing session cook...
WordPress plugin has an unspecified vulnerability (CNVD-2021-59597)
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. a security vulnerability in versions prior to ...
Cross site scripting
The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue...
CVE-2021-24421
The WP JobSearch WordPress plugin (versions before 1.7.4) is vulnerable to an authenticated stored XSS on the my-resume page because multiple parameters are not sanitized/escaped before output. This allows an attacker with low privileges (authenticated user) to inject JavaScript payloads via fiel...