Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total11
Critical3
High4
Medium4
Reset
Showing 1-11 of 11 records
Threat Entry Updated 2025-06-17

CVE-2024-11917 - Jobsearch Wp Job Board Plugin

The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.9.2. This is due to improper configurations in the 'jobsearch_xing_response_data_callback', 'set_access_tokes', and 'google_callback' functions. This makes it possible for unauthenticated attackers to log in as the first connected Xing user, or any connected Xing user if the Xing id is known. It is also possible for unauthenticated attackers to log in as the first connected Google user if the user has logged in, without subsequently logging out, in thirty days.…

PLUGIN Jobsearch Wp Job Board

CVE-2024-11917

HIGH CVSS 8.1 2025-04-25
Open Full Technical Breakdown
Threat Entry Updated 2024-11-28

CVE-2024-11925 - Jobsearch Wp Job Board Plugin

The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the user_account_activation function. This makes it possible for unauthenticated attackers to log in as any user, including site administrators if the users email is known.

PLUGIN Jobsearch Wp Job Board

CVE-2024-11925

CRITICAL CVSS 9.8 2024-11-28
Open Full Technical Breakdown
Threat Entry Updated 2024-11-08

CVE-2024-8615 - Jobsearch Wp Job Board Plugin

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Jobsearch Wp Job Board

CVE-2024-8615

CRITICAL CVSS 10.0 2024-11-06
Open Full Technical Breakdown
Threat Entry Updated 2024-11-08

CVE-2024-8614 - Jobsearch Wp Job Board Plugin

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Jobsearch Wp Job Board

CVE-2024-8614

CRITICAL CVSS 9.9 2024-11-06
Open Full Technical Breakdown
Threat Entry Updated 2025-05-01

CVE-2023-6585 - Jobsearch Wp Job Board Plugin

The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server

PLUGIN Jobsearch Wp Job Board

CVE-2023-6585

HIGH CVSS 7.5 2024-02-27
Open Full Technical Breakdown
Threat Entry Updated 2026-04-08

CVE-2021-4361 - Jobsearch Wp Job Board Plugin

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options on the site.

PLUGIN Jobsearch Wp Job Board

CVE-2021-4361

HIGH CVSS 8.8 2023-06-07
Open Full Technical Breakdown
Threat Entry Updated 2026-04-08

CVE-2021-4364 - Jobsearch Wp Job Board Plugin

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls.

PLUGIN Jobsearch Wp Job Board

CVE-2021-4364

MEDIUM CVSS 4.3 2023-06-07
Open Full Technical Breakdown
Threat Entry Updated 2026-04-08

CVE-2021-4352 - Jobsearch Wp Job Board Plugin

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the plugin.

PLUGIN Jobsearch Wp Job Board

CVE-2021-4352

MEDIUM CVSS 5.3 2023-06-07
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24421 - Jobsearch Wp Job Board Plugin

The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue

PLUGIN Jobsearch Wp Job Board

CVE-2021-24421

MEDIUM CVSS 5.4 2021-07-12
Open Full Technical Breakdown
Scroll to top