Unknown Wp Jobsearch vulnerabilities
4 known vulnerabilities affecting unknown/wp_jobsearch.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2023-6585HIGHCVSS 7.5fixed in 2.3.42024-02-27
CVE-2023-6585 [HIGH] CWE-434 CVE-2023-6585: The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could a
The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server
cvelistv5nvd
CVE-2023-6584HIGHCVSS 7.5fixed in 2.3.42024-02-27
CVE-2023-6584 [HIGH] CWE-287 CVE-2023-6584: The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any use
The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address.
cvelistv5nvd
CVE-2022-1168MEDIUMCVSS 6.1PoC≥ 1.5.1, < 1.5.12022-04-04
CVE-2022-1168 [MEDIUM] CWE-79 CVE-2022-1168: There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before
There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1.
cvelistv5nvd
CVE-2021-24421MEDIUMCVSS 5.4≥ 1.7.4, < 1.7.42021-07-12
CVE-2021-24421 [MEDIUM] CWE-79 CVE-2021-24421: The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters
The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue
cvelistv5nvd