Lucene search
K

20 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-54063

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00593EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54066

Malicious code in bioql PyPI...

7.5CVSS8.1AI score0.00406EPSS
Exploits0References2
CVE
CVE
added 2025/07/22 4:25 a.m.30 views

CVE-2025-6585

The WP JobHunt WordPress plugin (versions up to 7.2) is affected by an Insecure Direct Object Reference through the cs_remove_profile_callback() function due to missing validation on a user-controlled key. This allows authenticated attackers with Subscriber-level access or higher to delete accoun...

8.1CVSS6.2AI score0.0039EPSS
Exploits0References2
CNVD
CNVD
added 2025/03/19 12:0 a.m.9 views

WordPress WP JobHunt plugin wp_ajax_google_api_login_callback function authentication error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WP JobHunt...

7.5CVSS7.3AI score0.00406EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/16 5:18 a.m.9 views

CVE-2024-11285

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the accountsettingscallback function. This...

9.8CVSS7.7AI score0.00402EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/16 5:17 a.m.7 views

CVE-2024-11286

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the csparserequest function. This makes it possible for unauthenticated...

9.8CVSS7.3AI score0.00593EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/16 5:17 a.m.8 views

CVE-2024-11284

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the accountsettingssavecallback function. This mak...

9.8CVSS7.8AI score0.00496EPSS
Exploits0References1
NVD
NVD
added 2025/03/14 5:15 a.m.16 views

CVE-2024-11285

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the accountsettingscallback function. This...

9.8CVSS0.00402EPSS
Exploits0References2
NVD
NVD
added 2025/03/14 5:15 a.m.11 views

CVE-2024-11283

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wpajaxgoogleapilogincallback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to...

7.5CVSS0.00406EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/14 4:22 a.m.8 views

CVE-2024-11283 WP JobHunt <= 7.1 - Authentication Bypass to Candidate

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wpajaxgoogleapilogincallback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to...

7.5CVSS0.00406EPSS
Exploits0References2
CVE
CVE
added 2025/03/14 4:22 a.m.50 views

CVE-2024-11283

CVE-2024-11283 affects the WordPress WP JobHunt plugin up to version 7.1. The root cause is that the wp_ajax_google_api_login_callback function does not properly verify the user’s identity before authentication, enabling unauthenticated attackers to access arbitrary candidate accounts. Affected c...

7.5CVSS7.6AI score0.00406EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/14 4:22 a.m.3 views

CVE-2024-11286 WP JobHunt <= 7.1 - Authentication Bypass

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the csparserequest function. This makes it possible for unauthenticated...

9.8CVSS9.6AI score0.00593EPSS
Exploits0References2
CVE
CVE
added 2025/03/14 4:22 a.m.61 views

CVE-2024-11286

CVE-2024-11286 concerns WP JobHunt for WordPress, where versions up to 7.1 are vulnerable to an authentication bypass. The root cause, as described in the initial document, is that the plugin does not properly verify a user’s identity before authenticating via cs_parse_request(), allowing unauthe...

9.8CVSS9.6AI score0.00593EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/14 4:22 a.m.4 views

CVE-2024-11284 WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the accountsettingssavecallback function. This mak...

9.8CVSS9.8AI score0.00496EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/14 4:22 a.m.11 views

CVE-2024-11285 WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the accountsettingscallback function. This...

9.8CVSS0.00402EPSS
Exploits0References2
CVE
CVE
added 2025/03/14 4:22 a.m.60 views

CVE-2024-11285

CVE-2024-11285 (WP JobHunt

9.8CVSS9.8AI score0.00402EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/14 4:22 a.m.8 views

CVE-2024-11285 WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the accountsettingscallback function. This...

9.8CVSS9.8AI score0.00402EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/03/14 12:0 a.m.3 views

PT-2025-11232 · WordPress · Wp Jobhunt

Name of the Vulnerable Software and Affected Versions: WP JobHunt plugin for WordPress versions up to, and including, 7.1 Description: The issue is related to authentication bypass. This is due to the wp ajax google api login callback function not properly verifying a user's identity prior to...

7.5CVSS7.9AI score0.00406EPSS
Exploits0References11
CVE
CVE
added 2019/03/17 9:37 p.m.40 views

CVE-2018-19488

The CVE-2018-19488 entry concerns the WP-jobhunt WordPress plugin prior to version 2.4. An authentication- bypass flaw exists where AJAX requests to cs_reset_pass() via admin-ajax.php are not properly controlled, enabling remote unauthenticated attackers to reset a user’s password. This is suppor...

9.8CVSS9.6AI score0.04129EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/12/04 12:0 a.m.20 views

JobCareer < 2.4.1 - User enumeration & Reset password

The theme used a vulnerable version of the WP-jobhunt plugin affected by the issues below: CVE-2018-19487: The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csemployerajaxprofile function through the admin-ajax.php file, which allows remote...

7.5CVSS5AI score0.04852EPSS
Exploits2References2Affected Software2
Rows per page
Query Builder