Sfwebservice Inwave Jobs vulnerabilities
2 known vulnerabilities affecting sfwebservice/inwave_jobs.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2025-1315P1CRITICALCVSS 9.8Exploited≤ 3.5.12025-03-07
CVE-2025-1315 [CRITICAL] CWE-288 CVE-2025-1315: The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all
The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administr
nvd
CVE-2025-39477P3CRITICALCVSS 9.8≥ n/a, ≤ 3.5.82026-01-06
CVE-2025-39477 [CRITICAL] CWE-862 CVE-2025-39477: Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Config
Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through 3.5.8.
nvd