CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30966 – WordPress WPJobBoard plugin < 5.11.1 - Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2025-30966
10 Apr 2025 — Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a. The WP Job Board plugin for WordPress is vulnerable to Directory Traversal in all versions up to 5.11.1 (exclusive). This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. • https://patchstack.com/database/wordpress/plugin/wpjobboard/vulnerability/wordpress-wpjobboard-plugin-5-11-1-path-traversal-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30967 – WordPress WPJobBoard plugin < 5.11.1 - CSRF to Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2025-30967
10 Apr 2025 — Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a. The WPJobBoard plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 5.11.1. This is due to missing or incorrect nonce validation on the function. This makes it possible for unauthenticated attackers to execute arbitrary code via a forged request granted they can trick a site administrator into performing an action... • https://patchstack.com/database/wordpress/plugin/wpjobboard/vulnerability/wordpress-wpjobboard-plugin-5-11-1-csrf-to-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30965 – WordPress WPJobBoard plugin < 5.11.1 - Multiple Cross Site Request Forgery (CSRF) vulnerabilities vulnerability
https://notcve.org/view.php?id=CVE-2025-30965
09 Apr 2025 — Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Cross Site Request Forgery. This issue affects WPJobBoard: from n/a through n/a. The WPJobBoard plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 5.11.1. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an act... • https://patchstack.com/database/wordpress/plugin/wpjobboard/vulnerability/wordpress-wpjobboard-plugin-5-11-1-multiple-cross-site-request-forgery-csrf-vulnerabilities-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24781 – WordPress WPJobBoard plugin <= 5.10.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-24781
27 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WPJobBoard allows Reflected XSS. This issue affects WPJobBoard: from n/a through 5.10.1. The WPJobBoard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successf... • https://patchstack.com/database/wordpress/plugin/wpjobboard/vulnerability/wordpress-wpjobboard-plugin-5-10-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36525 – WPJobBoard <= 5.9.0 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2023-36525
27 Jun 2023 — The WPJobBoard plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-9019 – WPJobBoard <= 5.5.3 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-9019
25 Feb 2020 — The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description. El plugin WPJobBoard versión 5.5.3 para WordPress, permite un ataque de tipo XSS Persistente, por medio del formulario Add Job, como es demostrado mediante el título y Descripción. • https://cert.ikiu.ac.ir/public-files/pages/attachments/11/a1f0e3e5aa9ba583298d03758b8ae95c.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2018-5695 – WP Job Board <= 4.4.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-5695
06 Jan 2018 — The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php. El plugin WpJobBoard 4.4.4 para WordPress permite inyección SQL mediante el parámetro order o sort en los módulos wpjb-job o wpjb-alerts, con una petición en wp-admin/admin.php. • https://www.vulnerability-lab.com/get_content.php?id=1940 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15375 – WPJobBoard <= 4.5.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-15375
18 Aug 2017 — Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` parameters of the `wpjb-email`, `wpjb-job`, `wpjb-application`, and `wpjb-membership` modules. Remote attackers are able to inject malicious script code to hijack admin session credentials via the backend, or to manipulate the backend on client-side performed requests. The attack vector is non-persistent and the request... • https://www.vulnerability-lab.com/get_content.php?id=1941 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •