CVE-2024-8614 – WP JobSearch <= 2.6.7 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-8614
The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
• https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856
• https://www.wordfence.com/threat-intel/vulnerabilities/id/7832f8fe-2b41-4cfb-a734-db4ec88d91a3?source=cve
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-8615 – WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-8615
The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
• https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856
• https://www.wordfence.com/threat-intel/vulnerabilities/id/dd718d44-4921-4deb-af5a-43e5f3926914?source=cve
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-4361 – JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2021-4361
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options on the site.
• https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability
• https://wpscan.com/vulnerability/a69aa52f-9876-4180-97a4-713459b43f24
• https://www.wordfence.com/threat-intel/vulnerabilities/id/839a0cc0-a656-4107-a748-4ad85e950237?source=cve
• CWE-284: Improper Access Control
• CWE-862: Missing Authorization
CVE-2021-4352 – JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Settings Change
https://notcve.org/view.php?id=CVE-2021-4352
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the plugin.
• https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability
• https://wpscan.com/vulnerability/ed7e664e-5a73-4d2d-a599-a0be89d6c2d1
• https://www.wordfence.com/threat-intel/vulnerabilities/id/59170f0a-975e-487c-bdb0-585c802b3127?source=cve
• CWE-284: Improper Access Control
• CWE-863: Incorrect Authorization
CVE-2021-4364 – JobSearch WP Job Board <= 1.8.1 - Missing Authorization on jobsearch_update_job_import_schedule_call() function
https://notcve.org/view.php?id=CVE-2021-4364
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls.
• https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability
• https://wpscan.com/vulnerability/7e2dd5df-f758-419c-bfb8-b8e53235fede
• https://www.wordfence.com/threat-intel/vulnerabilities/id/9114018f-0678-4973-bb1e-932f0d93f963?source=cve
• CWE-284: Improper Access Control
• CWE-862: Missing Authorization