Chimpgroup Jobcareer vulnerabilities
5 known vulnerabilities affecting chimpgroup/jobcareer.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2
Vulnerabilities
Page 1 of 1
CVE-2024-11284P2CRITICALCVSS 9.8≤ 7.12025-03-14
CVE-2024-11284 [CRITICAL] CWE-639 CVE-2024-11284: The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in al
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the account_settings_save_callback() function. This makes it possible for unauthenticated attackers to
nvd
CVE-2024-11285P2CRITICALCVSS 9.8≤ 7.12025-03-14
CVE-2024-11285 [CRITICAL] CWE-639 CVE-2024-11285: The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in al
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the account_settings_callback() function. This makes it possible for unauthenticated attackers t
nvd
CVE-2024-11286P2CRITICALCVSS 9.8≤ 7.12025-03-14
CVE-2024-11286 [CRITICAL] CWE-288 CVE-2024-11286: The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, an
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated attackers to to log in to any user's account, inclu
nvd
CVE-2024-11283P3HIGHCVSS 7.5≤ 7.12025-03-14
CVE-2024-11283 [HIGH] CWE-289 CVE-2024-11283: The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, an
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to access arbitrary candidate accounts.
nvd
CVE-2024-12810P3HIGHCVSS 8.1≤ 7.12025-03-14
CVE-2024-12810 [HIGH] CWE-862 CVE-2024-12810: The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthoriz
The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary
nvd