CVE-2021-4361 – JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2021-4361
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options on the site.
• https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability
• https://wpscan.com/vulnerability/a69aa52f-9876-4180-97a4-713459b43f24
• https://www.wordfence.com/threat-intel/vulnerabilities/id/839a0cc0-a656-4107-a748-4ad85e950237?source=cve
• CWE-284: Improper Access Control
• CWE-862: Missing Authorization
CVE-2021-4352 – JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Settings Change
https://notcve.org/view.php?id=CVE-2021-4352
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the plugin.
• https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability
• https://wpscan.com/vulnerability/ed7e664e-5a73-4d2d-a599-a0be89d6c2d1
• https://www.wordfence.com/threat-intel/vulnerabilities/id/59170f0a-975e-487c-bdb0-585c802b3127?source=cve
• CWE-284: Improper Access Control
• CWE-863: Incorrect Authorization
CVE-2021-4364 – JobSearch WP Job Board <= 1.8.1 - Missing Authorization on jobsearch_update_job_import_schedule_call() function
https://notcve.org/view.php?id=CVE-2021-4364
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls.
• https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability
• https://wpscan.com/vulnerability/7e2dd5df-f758-419c-bfb8-b8e53235fede
• https://www.wordfence.com/threat-intel/vulnerabilities/id/9114018f-0678-4973-bb1e-932f0d93f963?source=cve
• CWE-284: Improper Access Control
• CWE-862: Missing Authorization
CVE-2021-24421 – WP JobSearch < 1.7.4 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24421
The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape several of its parameters from the my-resume page before outputting them in the page, allowing low-privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue.
• https://m0ze.ru/vulnerability/%5B2021-05-19%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-JobSearch-WordPress-Plugin-v1.7.3.txt
• https://wpscan.com/vulnerability/b378d36d-66d9-4373-a628-e379e4766375
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1168 – JobSearch < 1.5.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-1168
There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1 via the search_title parameter.
• https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856
• https://wpscan.com/vulnerability/bcf38e87-011e-4540-8bfb-c93443a4a490
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')