Page 2 of 9 results (0.011 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in eyecix JobSearch allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JobSearch: from n/a through 2.5.4. The JobSearch WP Job Board plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.5.4. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-wp-job-board-wordpress-plugin-plugin-2-5-4-broken-access-control-vulnerability-2?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This issue affects JobSearch: from n/a through 2.3.4. The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.3.4. This is due to the plugin not properly validating identity on login functionality. This makes it possible for unauthenticated attackers to gain access to accounts they should not have access to. • https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-plugin-2-3-4-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server El complemento WP JobSearch de WordPress anterior a 2.3.4 no valida los archivos que se cargarán, lo que podría permitir a atacantes no autenticados cargar archivos arbitrarios como PHP en el servidor. The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_facebook_get_soc_login_url function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/757412f4-e4f8-4007-8e3b-639a72b33180 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address. El complemento WP JobSearch de WordPress anterior a 2.3.4 no impide que los atacantes inicien sesión como cualquier usuario con el único conocimiento de la dirección de correo electrónico de ese usuario. The JobSearch WP Job Board plugin for WordPress is vulnerable to authenticated bypass in all versions up to, and including, 2.3.3. This is due to the plugin not properly validating a users identity through the jobsearch_facebook_get_soc_login_url action. This makes it possible for unauthenticated attackers to log in as any user, including administrators, as long as they have access to the email address. • https://wpscan.com/vulnerability/e528e3cd-a45c-4bf7-a37a-101f5c257acd • CWE-288: Authentication Bypass Using an Alternate Path or Channel •