Vulnerabilites related to Unknown - WP JobSearch
CVE-2023-6584 (GCVE-0-2023-6584)
Vulnerability from cvelistv5
Published
2024-02-27 08:30
Modified
2025-04-22 16:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/e528e3cd-a45c-4bf7-a37a-101f5c257acd/ | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP JobSearch |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wpjobsearch:wpjobsearch_wordpress:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wpjobsearch_wordpress",
"vendor": "wpjobsearch",
"versions": [
{
"lessThan": "2.3.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-6584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-27T15:39:56.487334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:10:05.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/e528e3cd-a45c-4bf7-a37a-101f5c257acd/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP JobSearch",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.3.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marc Montpas"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user\u0027s email address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-27T08:30:26.628Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/e528e3cd-a45c-4bf7-a37a-101f5c257acd/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "JobSearch WP Job Board \u003c 2.3.4 - Authentication Bypass",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-6584",
"datePublished": "2024-02-27T08:30:26.628Z",
"dateReserved": "2023-12-07T15:00:43.235Z",
"dateUpdated": "2025-04-22T16:10:05.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24421 (GCVE-0-2021-24421)
Vulnerability from cvelistv5
Published
2021-07-12 19:20
Modified
2024-08-03 19:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP JobSearch |
Version: 1.7.4 < 1.7.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:24.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/b378d36d-66d9-4373-a628-e379e4766375"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-05-19%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-JobSearch-WordPress-Plugin-v1.7.3.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP JobSearch",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.7.4",
"status": "affected",
"version": "1.7.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T19:20:56",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/b378d36d-66d9-4373-a628-e379e4766375"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-05-19%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-JobSearch-WordPress-Plugin-v1.7.3.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WP JobSearch \u003c 1.7.4 - Authenticated Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24421",
"STATE": "PUBLIC",
"TITLE": "WP JobSearch \u003c 1.7.4 - Authenticated Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP JobSearch",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.7.4",
"version_value": "1.7.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/b378d36d-66d9-4373-a628-e379e4766375",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/b378d36d-66d9-4373-a628-e379e4766375"
},
{
"name": "https://m0ze.ru/vulnerability/[2021-05-19]-[WordPress]-[CWE-79]-WP-JobSearch-WordPress-Plugin-v1.7.3.txt",
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/[2021-05-19]-[WordPress]-[CWE-79]-WP-JobSearch-WordPress-Plugin-v1.7.3.txt"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24421",
"datePublished": "2021-07-12T19:20:56",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:24.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6585 (GCVE-0-2023-6585)
Vulnerability from cvelistv5
Published
2024-02-27 08:30
Modified
2024-08-09 20:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/757412f4-e4f8-4007-8e3b-639a72b33180/ | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP JobSearch |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/757412f4-e4f8-4007-8e3b-639a72b33180/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "jobsearch_wp_job_board",
"vendor": "eyecix",
"versions": [
{
"lessThan": "2.3.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-6585",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-29T19:35:45.909806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T20:57:46.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP JobSearch",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.3.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Furkan Gedik"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-27T08:30:25.818Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/757412f4-e4f8-4007-8e3b-639a72b33180/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "JobSearch WP Job Board \u003c 2.3.4 - Arbitrary File Upload to RCE",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-6585",
"datePublished": "2024-02-27T08:30:25.818Z",
"dateReserved": "2023-12-07T15:01:09.222Z",
"dateUpdated": "2024-08-09T20:57:46.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1168 (GCVE-0-2022-1168)
Vulnerability from cvelistv5
Published
2022-04-04 15:36
Modified
2024-08-02 23:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856 | x_refsource_MISC | |
| https://wpscan.com/vulnerability/bcf38e87-011e-4540-8bfb-c93443a4a490 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP JobSearch |
Version: 1.5.1 < 1.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/bcf38e87-011e-4540-8bfb-c93443a4a490"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP JobSearch",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.1",
"status": "affected",
"version": "1.5.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T15:36:07",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/bcf38e87-011e-4540-8bfb-c93443a4a490"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "JobSearch \u003c 1.5.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1168",
"STATE": "PUBLIC",
"TITLE": "JobSearch \u003c 1.5.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP JobSearch",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.5.1",
"version_value": "1.5.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856",
"refsource": "MISC",
"url": "https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856"
},
{
"name": "https://wpscan.com/vulnerability/bcf38e87-011e-4540-8bfb-c93443a4a490",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/bcf38e87-011e-4540-8bfb-c93443a4a490"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1168",
"datePublished": "2022-04-04T15:36:08",
"dateReserved": "2022-03-30T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}