CVE-2023-6585
- EPSS 0.5%
- Veröffentlicht 27.02.2024 09:15:37
- Zuletzt bearbeitet 01.05.2025 15:20:50
The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server
CVE-2021-4361
- EPSS 0.25%
- Veröffentlicht 07.06.2023 02:15:14
- Zuletzt bearbeitet 21.11.2024 06:37:30
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1. This makes it possible for auth...
CVE-2021-4364
- EPSS 0.08%
- Veröffentlicht 07.06.2023 02:15:14
- Zuletzt bearbeitet 21.11.2024 06:37:30
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authe...
CVE-2021-4352
- EPSS 0.13%
- Veröffentlicht 07.06.2023 02:15:13
- Zuletzt bearbeitet 21.11.2024 06:37:29
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to ...
CVE-2022-1168
- EPSS 3.36%
- Veröffentlicht 04.04.2022 16:15:11
- Zuletzt bearbeitet 21.11.2024 06:40:10
There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1.
CVE-2021-24421
- EPSS 0.18%
- Veröffentlicht 12.07.2021 20:15:09
- Zuletzt bearbeitet 21.11.2024 05:53:02
The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored C...