Lucene search
Anthony MAESTREWPVDB-ID:53968E61-6B81-4FCD-85EF-5D0854873C36HistoryDec 04, 2018 - 12:00 a.m.
JobCareer < 2.4.1 - User enumeration & Reset password
2018-12-0400:00:00
Anthony MAESTRE
wpscan.com
12
0.022 Low
EPSS
Percentile
89.6%
The theme used a vulnerable version of the WP-jobhunt plugin affected by the issues below: CVE-2018-19487: The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users. CVE-2018-19488: The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user’s account.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp-jobhunt | lt | 2.4 | |
| jobcareer | lt | 2.4.1 |
Related
prion
prion
Code injection
2019-03-21 16:00:00
Default credentials
2019-03-21 16:00:00
checkpoint_advisories
checkpoint_advisories
WordPress JobCareer Plugin Authentication Bypass (CVE-2018-19488)
2020-05-24 00:00:00
WordPress JobCareer Plugin Information Disclosure (CVE-2018-19487)
2020-05-24 00:00:00
cve
cve
CVE-2018-19488
2019-03-21 16:00:31
CVE-2018-19487
2019-03-21 16:00:31
cvelist
cvelist
CVE-2018-19488
2019-03-17 21:37:51
CVE-2018-19487
2019-03-17 21:36:47
nvd
nvd
CVE-2018-19487
2019-03-21 16:00:31
CVE-2018-19488
2019-03-21 16:00:31