CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43928 – WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43928
Missing Authorization vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobSearch: from n/a through 2.5.4. The JobSearch plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-wp-job-board-wordpress-plugin-plugin-2-5-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43245 – WordPress JobSearch plugin <= 2.3.4 - Unauthenticated Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2024-43245
Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This issue affects JobSearch: from n/a through 2.3.4. The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.3.4. This is due to the plugin not properly validating identity on login functionality. This makes it possible for unauthenticated attackers to gain access to accounts they should not have access to. • https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-plugin-2-3-4-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6585 – JobSearch WP Job Board < 2.3.4 - Arbitrary File Upload to RCE
https://notcve.org/view.php?id=CVE-2023-6585
The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server El complemento WP JobSearch de WordPress anterior a 2.3.4 no valida los archivos que se cargarán, lo que podría permitir a atacantes no autenticados cargar archivos arbitrarios como PHP en el servidor. The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_facebook_get_soc_login_url function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/757412f4-e4f8-4007-8e3b-639a72b33180 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6584 – JobSearch WP Job Board < 2.3.4 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-6584
The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address. El complemento WP JobSearch de WordPress anterior a 2.3.4 no impide que los atacantes inicien sesión como cualquier usuario con el único conocimiento de la dirección de correo electrónico de ese usuario. The JobSearch WP Job Board plugin for WordPress is vulnerable to authenticated bypass in all versions up to, and including, 2.3.3. This is due to the plugin not properly validating a users identity through the jobsearch_facebook_get_soc_login_url action. This makes it possible for unauthenticated attackers to log in as any user, including administrators, as long as they have access to the email address. • https://wpscan.com/vulnerability/e528e3cd-a45c-4bf7-a37a-101f5c257acd • CWE-288: Authentication Bypass Using an Alternate Path or Channel •