CVE-2021-4352 — Improper Access Control in Jobsearch WP JOB Board

CWE-284 — Improper Access Control CWE-863 — Incorrect Authorization7 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 63.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eyecix Jobsearch WP JOB Board

Timeline

PublishedJun 7

Latest updateMay 22

Description

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the plugin.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5eyecix/jobsearch_wp_job_board1.8.1

▶NVDeyecix/jobsearch_wp_job_board1.8.1

🔴Vulnerability Details

GHSA

GHSA-mhgq-65r2-56r4: The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings functi↗2023-06-07

▶

CVEList

JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Settings Change↗2023-06-07

▶

💬Community

Bugzilla

CVE-2021-47310 kernel: net: ti: fix UAF in tlan_remove_one↗2024-05-22

▶

Bugzilla

CVE-2021-47311 kernel: net: qcom/emac: fix UAF in emac_remove↗2024-05-22

▶

Bugzilla

CVE-2021-47353 kernel: udf: Fix NULL pointer dereference in udf_symlink function↗2024-05-22

▶

Bugzilla

CVE-2021-47356 kernel: mISDN: fix possible use-after-free in HFC_cleanup()↗2024-05-22

▶