VYPR

Wp Jobhunt

by WordPress

CVEs (11)

  • CVE-2025-6585 | High | Jul 22, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the cs_remove_profile_callback() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers,…

  • CVE-2025-7782 | High | Dec 20, 2025
    risk 0.49 | cvss 7.6 | epss 0.00

    The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'cs_update_application_status_callback' function in all versions up to, and including, 7.7. This makes it possible for…

  • CVE-2025-7781 | Medium | Oct 10, 2025
    risk 0.42 | cvss 6.4 | epss 0.00

    The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Stored Cross-Site Scripting via the ‘cs_job_title’ parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2025-7374 | Medium | Oct 10, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers,…

  • CVE-2025-7733 | Medium | Dec 20, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user controlled key. This makes it…

  • CVE-2018-19488 | Mar 17, 2019
    risk 0.02 | cvss | epss 0.04

    The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account.

  • CVE-2018-19487 | Mar 17, 2019
    risk 0.02 | cvss | epss 0.05

    The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users.

  • CVE-2024-11283 | Mar 14, 2025
    risk 0.00 | cvss | epss 0.00

    The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for…

  • CVE-2024-11286 | Mar 14, 2025
    risk 0.00 | cvss | epss 0.01

    The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible…

  • CVE-2024-11284 | Mar 14, 2025
    risk 0.00 | cvss | epss 0.01

    The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the…

  • CVE-2024-11285 | Mar 14, 2025
    risk 0.00 | cvss | epss 0.00

    The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the…