CVE-2021-4364

CWE-284Improper Access ControlCWE-862Missing Authorization3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 75.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Eyecix Jobsearch WP JOB Board
Timeline
PublishedJun 7

Description

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-v7gj-wffh-45gp: The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_impor2023-06-07
CVEList
JobSearch WP Job Board < = 1.8.1 - Missing Authorization on jobsearch_update_job_import_schedule_call() function2023-06-07
CVE-2021-4364 (MEDIUM CVSS 4.3) | The JobSearch WP Job Board plugin f | cvebase.io