CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35760 – WordPress WP Job Portal – A Complete Job Board plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35760
17 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Job Portal allows Stored XSS.This issue affects WP Job Portal: from n/a through 2.1.3. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en WP Job Portal permite XSS Almacenado. Este problema afecta a WP Job Portal: desde n/a hasta 2.1.3. The WP Job Portal – A Complete Recruitment System for Company or Job Board website... • https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-a-complete-job-board-plugin-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52184 – WordPress WP Job Portal Plugin <= 2.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-52184
29 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.6. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WP Job Portal WP Job Portal – A Complete Job Board. Este problema afecta a WP Job Portal – A Complete Job Board: desde n/a hasta 2.0.6. The WP Job Portal – A Complete Job Board plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and inclu... • https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-plugin-2-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4490 – WP Job Portal < 2.0.6 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2023-4490
30 Aug 2023 — The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users El complemento WP Job Portal de WordPress anterior a 2.0.6 no sanitiza ni escapa un parámetro antes de usarlo en una declaración SQL, lo que genera una inyección de SQL explotable por usuarios no autenticados. The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'city' parameter when conducting jo... • https://wpscan.com/vulnerability/986024f0-3c8d-44d8-a9c9-1dd284d7db0d • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41786 – WordPress WP Job Portal Plugin <= 2.0.1 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2022-41786
05 May 2023 — Missing Authorization vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.1. Vulnerabilidad de autorización faltante en WP Job Portal WP Job Portal – A Complete Job Board. Este problema afecta a WP Job Portal – A Complete Job Board: desde n/a hasta 2.0.1. The WP Job Portal plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.1. This is due to missing or incorrect no... • https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-plugin-1-1-9-unauthorized-plugin-settings-change-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28534 – WordPress WP Job Portal Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-28534
17 Mar 2023 — Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board plugin <= 2.0.0 versions. The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level access, and above, to inject arbitrary web scripts in pages that will execute when... • https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-a-complete-job-board-plugin-1-1-9-cross-site-scripting-xss?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •