Job Manager
by WordPress
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6668 | Hig | 0.50 | 7.5 | 0.10 | Oct 19, 2017 | The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference. | ||
| CVE-2023-31087 | Med | 0.35 | 5.4 | 0.00 | Nov 9, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions. | ||
| CVE-2015-2321 | 0.03 | — | 0.05 | Aug 13, 2015 | Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field. | |||
| CVE-2023-6978 | 0.00 | — | 0.00 | Dec 4, 2024 | The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for… | |||
| CVE-2021-39336 | 0.00 | — | 0.01 | Oct 15, 2021 | The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts,… | |||
| CVE-2012-6713 | 0.00 | — | 0.01 | Aug 13, 2019 | The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues. |
- risk 0.50cvss 7.5epss 0.10
The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions.
- CVE-2015-2321Aug 13, 2015risk 0.03cvss —epss 0.05
Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field.
- CVE-2023-6978Dec 4, 2024risk 0.00cvss —epss 0.00
The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for…
- CVE-2021-39336Oct 15, 2021risk 0.00cvss —epss 0.01
The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts,…
- CVE-2012-6713Aug 13, 2019risk 0.00cvss —epss 0.01
The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues.