Wp Jobsearch
by WordPress
CVEs (17)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-62025 | Cri | 0.64 | 9.8 | 0.01 | Oct 22, 2025 | Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch.This issue affects JobSearch: from n/a through < 3.0.8. | ||
| CVE-2024-47636 | Cri | 0.64 | 9.8 | 0.01 | Oct 10, 2024 | Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection.This issue affects JobSearch: from n/a through <= 2.5.9. | ||
| CVE-2024-43245 | Cri | 0.64 | 9.8 | 0.00 | Aug 19, 2024 | Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This issue affects JobSearch: from n/a through 2.3.4. | ||
| CVE-2025-52806 | Hig | 0.49 | 7.5 | 0.00 | Aug 14, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch wp-jobsearch allows PHP Local File Inclusion.This issue affects JobSearch: from n/a through < 3.0.8. | ||
| CVE-2025-52798 | Hig | 0.46 | 7.1 | 0.00 | Jul 4, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through < 3.0.6. | ||
| CVE-2024-47394 | Hig | 0.46 | 7.1 | 0.00 | Oct 5, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through <= 2.5.9. | ||
| CVE-2025-49978 | Med | 0.28 | 4.3 | 0.00 | Jun 20, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in eyecix JobSearch wp-jobsearch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobSearch: from n/a through < 3.0.6. | ||
| CVE-2024-43930 | Med | 0.28 | 4.3 | 0.00 | Oct 31, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in eyecix JobSearch allows Cross Site Request Forgery.This issue affects JobSearch: from n/a through 2.5.3. | ||
| CVE-2026-54186 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions. | |||
| CVE-2026-49057 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions. | |||
| CVE-2024-43928 | 0.00 | — | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobSearch: from n/a through 2.5.4. | |||
| CVE-2024-43929 | 0.00 | — | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in eyecix JobSearch allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JobSearch: from n/a through 2.5.4. | |||
| CVE-2024-43931 | 0.00 | — | 0.01 | Aug 29, 2024 | Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3. | |||
| CVE-2023-6584 | 0.00 | — | 0.01 | Feb 27, 2024 | The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address. | |||
| CVE-2023-6585 | 0.00 | — | 0.01 | Feb 27, 2024 | The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server | |||
| CVE-2022-1168 | 0.00 | — | 0.02 | Apr 4, 2022 | There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1. | |||
| CVE-2021-24421 | 0.00 | — | 0.01 | Jul 12, 2021 | The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue |
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch.This issue affects JobSearch: from n/a through < 3.0.8.
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection.This issue affects JobSearch: from n/a through <= 2.5.9.
- risk 0.64cvss 9.8epss 0.00
Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This issue affects JobSearch: from n/a through 2.3.4.
- risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch wp-jobsearch allows PHP Local File Inclusion.This issue affects JobSearch: from n/a through < 3.0.8.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through < 3.0.6.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through <= 2.5.9.
- risk 0.28cvss 4.3epss 0.00
Authorization Bypass Through User-Controlled Key vulnerability in eyecix JobSearch wp-jobsearch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobSearch: from n/a through < 3.0.6.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in eyecix JobSearch allows Cross Site Request Forgery.This issue affects JobSearch: from n/a through 2.5.3.
- CVE-2026-54186Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.
- CVE-2026-49057Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.
- CVE-2024-43928Nov 1, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobSearch: from n/a through 2.5.4.
- CVE-2024-43929Nov 1, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in eyecix JobSearch allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JobSearch: from n/a through 2.5.4.
- CVE-2024-43931Aug 29, 2024risk 0.00cvss —epss 0.01
Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3.
- CVE-2023-6584Feb 27, 2024risk 0.00cvss —epss 0.01
The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address.
- CVE-2023-6585Feb 27, 2024risk 0.00cvss —epss 0.01
The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server
- CVE-2022-1168Apr 4, 2022risk 0.00cvss —epss 0.02
There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1.
- CVE-2021-24421Jul 12, 2021risk 0.00cvss —epss 0.01
The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue