20 matches found
EUVD-2024-54063
Malicious code in bioql PyPI...
EUVD-2024-54066
Malicious code in bioql PyPI...
CVE-2025-6585
The WP JobHunt WordPress plugin (versions up to 7.2) is affected by an Insecure Direct Object Reference through the cs_remove_profile_callback() function due to missing validation on a user-controlled key. This allows authenticated attackers with Subscriber-level access or higher to delete accoun...
WordPress WP JobHunt plugin wp_ajax_google_api_login_callback function authentication error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WP JobHunt...
CVE-2024-11285
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the accountsettingscallback function. This...
CVE-2024-11286
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the csparserequest function. This makes it possible for unauthenticated...
CVE-2024-11284
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the accountsettingssavecallback function. This mak...
CVE-2024-11285
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the accountsettingscallback function. This...
CVE-2024-11283
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wpajaxgoogleapilogincallback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to...
CVE-2024-11283 WP JobHunt <= 7.1 - Authentication Bypass to Candidate
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wpajaxgoogleapilogincallback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to...
CVE-2024-11283
CVE-2024-11283 affects the WordPress WP JobHunt plugin up to version 7.1. The root cause is that the wp_ajax_google_api_login_callback function does not properly verify the user’s identity before authentication, enabling unauthenticated attackers to access arbitrary candidate accounts. Affected c...
CVE-2024-11286 WP JobHunt <= 7.1 - Authentication Bypass
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the csparserequest function. This makes it possible for unauthenticated...
CVE-2024-11286
CVE-2024-11286 concerns WP JobHunt for WordPress, where versions up to 7.1 are vulnerable to an authentication bypass. The root cause, as described in the initial document, is that the plugin does not properly verify a user’s identity before authenticating via cs_parse_request(), allowing unauthe...
CVE-2024-11284 WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the accountsettingssavecallback function. This mak...
CVE-2024-11285 WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the accountsettingscallback function. This...
CVE-2024-11285
CVE-2024-11285 (WP JobHunt
CVE-2024-11285 WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the accountsettingscallback function. This...
PT-2025-11232 · WordPress · Wp Jobhunt
Name of the Vulnerable Software and Affected Versions: WP JobHunt plugin for WordPress versions up to, and including, 7.1 Description: The issue is related to authentication bypass. This is due to the wp ajax google api login callback function not properly verifying a user's identity prior to...
CVE-2018-19488
The CVE-2018-19488 entry concerns the WP-jobhunt WordPress plugin prior to version 2.4. An authentication- bypass flaw exists where AJAX requests to cs_reset_pass() via admin-ajax.php are not properly controlled, enabling remote unauthenticated attackers to reset a user’s password. This is suppor...
JobCareer < 2.4.1 - User enumeration & Reset password
The theme used a vulnerable version of the WP-jobhunt plugin affected by the issues below: CVE-2018-19487: The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csemployerajaxprofile function through the admin-ajax.php file, which allows remote...