CVE-2023-6584
JobSearch WP Job Board < 2.3.4 - Authentication Bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address.
El complemento WP JobSearch de WordPress anterior a 2.3.4 no impide que los atacantes inicien sesión como cualquier usuario con el único conocimiento de la dirección de correo electrónico de ese usuario.
The JobSearch WP Job Board plugin for WordPress is vulnerable to authenticated bypass in all versions up to, and including, 2.3.3. This is due to the plugin not properly validating a users identity through the jobsearch_facebook_get_soc_login_url action. This makes it possible for unauthenticated attackers to log in as any user, including administrators, as long as they have access to the email address.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-11-24 CVE Published
- 2023-12-07 CVE Reserved
- 2024-02-28 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-288: Authentication Bypass Using an Alternate Path or Channel
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wpscan.com/vulnerability/e528e3cd-a45c-4bf7-a37a-101f5c257acd | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Unknown Search vendor "Unknown" | WP JobSearch Search vendor "Unknown" for product "WP JobSearch" | < 2.3.4 Search vendor "Unknown" for product "WP JobSearch" and version " < 2.3.4" | en |
Affected
| ||||||