CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6584 – JobSearch WP Job Board < 2.3.4 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-6584
24 Nov 2023 — The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address. El complemento WP JobSearch de WordPress anterior a 2.3.4 no impide que los atacantes inicien sesión como cualquier usuario con el único conocimiento de la dirección de correo electrónico de ese usuario. The JobSearch WP Job Board plugin for WordPress is vulnerable to authenticated bypass in all versions up to, and including, 2.3.3. This is due to the p... • https://wpscan.com/vulnerability/e528e3cd-a45c-4bf7-a37a-101f5c257acd • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6585 – JobSearch WP Job Board < 2.3.4 - Arbitrary File Upload to RCE
https://notcve.org/view.php?id=CVE-2023-6585
24 Nov 2023 — The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server El complemento WP JobSearch de WordPress anterior a 2.3.4 no valida los archivos que se cargarán, lo que podría permitir a atacantes no autenticados cargar archivos arbitrarios como PHP en el servidor. The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in ... • https://wpscan.com/vulnerability/757412f4-e4f8-4007-8e3b-639a72b33180 • CWE-434: Unrestricted Upload of File with Dangerous Type •