Lucene search
K

16 matches found

Cvelist
Cvelist
added 2025/10/22 2:32 p.m.12 views

CVE-2025-62025 WordPress JobSearch plugin < 3.0.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch.This issue affects JobSearch: from n/a through 3.0.8...

9.8CVSS0.00529EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:59 a.m.12 views

CVE-2023-6585

The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...

7.5CVSS7.1AI score0.00602EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 4:57 a.m.9 views

CVE-2023-6584

The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address...

7.5CVSS6.8AI score0.00549EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 7:21 p.m.7 views

CVE-2021-24421

The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue...

5.4CVSS5.9AI score0.00633EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/11/06 8:29 a.m.27 views

CVE-2024-8615 WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearchlocationloadexcelfilecallback function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary...

10CVSS0.00829EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/10 6:4 p.m.34 views

CVE-2024-47636 WordPress WP JobSearch plugin <= 2.5.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection.This issue affects JobSearch: from n/a through = 2.5.9...

9.8CVSS0.00543EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/05 2:40 p.m.27 views

CVE-2024-47394 WordPress WP JobSearch plugin <= 2.5.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through = 2.5.9...

7.1CVSS0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/05 2:40 p.m.24 views

CVE-2024-47394 WordPress WP JobSearch plugin <= 2.5.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through = 2.5.9...

7.1CVSS5.9AI score0.00292EPSS
Exploits0References1
CVE
CVE
added 2024/02/27 8:30 a.m.3623 views

CVE-2023-6584

CVE-2023-6584 affects the WP JobSearch WordPress plugin up to version 2.3.3 (pre-2.3.4). The vulnerability allows unauthenticated attackers to log in as any user by knowing that user’s email address, effectively bypassing authentication. The root cause is described in multiple sources as an authe...

7.5CVSS7.5AI score0.00549EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2024/02/27 8:30 a.m.29 views

CVE-2023-6584 JobSearch WP Job Board < 2.3.4 - Authentication Bypass

The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address...

6.7AI score0.00549EPSS
Exploits2References1
CVE
CVE
added 2024/02/27 8:30 a.m.3832 views

CVE-2023-6585

The CVE-2023-6585 issue affects the WP JobSearch WordPress plugin prior to version 2.3.4. The vulnerability stems from inadequate validation of uploaded files, allowing unauthenticated attackers to upload arbitrary files (e.g., PHP) to the server, potentially enabling remote code execution. The i...

7.5CVSS7.7AI score0.00602EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/27 8:30 a.m.16 views

CVE-2023-6585 JobSearch WP Job Board < 2.3.4 - Arbitrary File Upload to RCE

The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...

7.1AI score0.00602EPSS
Exploits2References1
CVE
CVE
added 2022/04/04 3:36 p.m.107 views

CVE-2022-1168

The connected Nuclei template confirms a Cross-Site Scripting (XSS) vulnerability in WordPress WP JobSearch plugin versions prior to 1.5.1. The flaw allows an attacker to inject arbitrary JavaScript in the victim’s browser within the context of the affected site, potentially stealing session cook...

6.1CVSS6.1AI score0.01847EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2021/07/14 12:0 a.m.17 views

WordPress plugin has an unspecified vulnerability (CNVD-2021-59597)

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. a security vulnerability in versions prior to ...

5.4CVSS0.3AI score0.00633EPSS
Exploits2References1
Prion
Prion
added 2021/07/12 8:15 p.m.17 views

Cross site scripting

The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue...

3.5CVSS5.4AI score0.00633EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2021/07/12 7:20 p.m.64 views

CVE-2021-24421

The WP JobSearch WordPress plugin (versions before 1.7.4) is vulnerable to an authenticated stored XSS on the my-resume page because multiple parameters are not sanitized/escaped before output. This allows an attacker with low privileges (authenticated user) to inject JavaScript payloads via fiel...

5.4CVSS5.3AI score0.00633EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder