CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51545 – WordPress Job Manager & Career Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-51545
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments.This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4. Vulnerabilidad de Cross-Site Request Forgery (CSRF) y deserialización de datos no confiables en ThemeHigh Job Manager & Career – Manage job board listings, and recruitments. Este problema afecta a Job Manager & Career – Manage job board listings, and recruitments: desde n/a hasta 1.4.4. The Job Manager & Career – Manage job board listings, and recruitments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the save_plugin_settings() function. • https://patchstack.com/database/vulnerability/job-manager-career/wordpress-job-manager-career-plugin-1-4-4-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5906 – Job Manager & Career < 1.4.4 - Directory listing to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-5906
The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission. El complemento Job Manager & Career de WordPress anterior a 1.4.4 contiene una vulnerabilidad en el sistema de listados de directorios, que permite a un usuario no autorizado ver y descargar archivos privados de otros usuarios. Esta vulnerabilidad plantea una grave amenaza a la seguridad porque permite a un atacante obtener acceso a datos y archivos confidenciales de otros usuarios sin su permiso. The Job Manager & Career – Manage job board listings, and recruitments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.3 in cases where directory listing is enabled. • https://wpscan.com/vulnerability/911d495c-3867-4259-a73a-572cd4fccdde • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •