CVE-2023-6584 – JobSearch WP Job Board < 2.3.4 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-6584
The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging in as any user with knowledge of only that user's email address.
The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.3.3. This is due to the plugin not properly validating a user's identity through the jobsearch_facebook_get_soc_login_url action. This makes it possible for unauthenticated attackers to log in as any user, including administrators, as long as they have access to the email address.
• https://wpscan.com/vulnerability/e528e3cd-a45c-4bf7-a37a-101f5c257acd
• CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVE-2023-4826 – Socialdriver < 2024 - Prototype Pollution to XSS
https://notcve.org/view.php?id=CVE-2023-4826
The SocialDriver WordPress theme before version 2024 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties resulting in a cross-site scripting (XSS) attack.
The Socialdriver plugin for WordPress is vulnerable to prototype pollution in all versions up to 2024 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• http://socialdriver.com
• https://wpscan.com/vulnerability/99ec0add-8f4d-4d68-91aa-80b1631a53bf
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-0606
https://notcve.org/view.php?id=CVE-2006-0606
SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
Unknown Domain Shoutbox version 2005.07.21 is susceptible to multiple SQL injection and cross-site scripting vulnerabilities.
• http://evuln.com/vulns/55/summary.html
• http://secunia.com/advisories/18759
• http://www.securityfocus.com/archive/1/424679/100/0/threaded
• http://www.securityfocus.com/bid/16543
• http://www.vupen.com/english/advisories/2006/0476
CVE-2006-0605
https://notcve.org/view.php?id=CVE-2006-0605
Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain Shoutbox 2005.07.21 allow remote attackers to inject arbitrary web script or HTML, possibly via the (1) Handle or (2) Message fields.
Unknown Domain Shoutbox version 2005.07.21 is susceptible to multiple SQL injection and cross-site scripting vulnerabilities.
• http://evuln.com/vulns/55/summary.html
• http://secunia.com/advisories/18759
• http://www.securityfocus.com/archive/1/424679/100/0/threaded
• http://www.securityfocus.com/bid/16543
• http://www.vupen.com/english/advisories/2006/0476
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24440