Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total9
Critical3
High3
Medium3
Reset
Showing 1-9 of 9 records
Threat Entry Updated 2025-12-23

CVE-2025-7782 - Wp Jobhunt Plugin

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'cs_update_application_status_callback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers, with Candidate-level access and above, to inject cross-site scripting into the 'status' parameter of applied jobs for any user.

PLUGIN Wp Jobhunt

CVE-2025-7782

HIGH CVSS 7.6 2025-12-20
Open Full Technical Breakdown
Threat Entry Updated 2025-12-23

CVE-2025-7733 - Wp Jobhunt Plugin

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Candidate-level access and above, to send a site-generated email with injected HTML to any user.

PLUGIN Wp Jobhunt

CVE-2025-7733

MEDIUM CVSS 4.3 2025-12-20
Open Full Technical Breakdown
Threat Entry Updated 2025-10-14

CVE-2025-7781 - Wp Jobhunt Plugin

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Stored Cross-Site Scripting via the ‘cs_job_title’ parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Candidate-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Wp Jobhunt

CVE-2025-7781

MEDIUM CVSS 6.4 2025-10-10
Open Full Technical Breakdown
Threat Entry Updated 2025-10-14

CVE-2025-7374 - Wp Jobhunt Plugin

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- and Employer-level access and above, to log in to the site even if their account is inactive or pending.

PLUGIN Wp Jobhunt

CVE-2025-7374

MEDIUM CVSS 5.4 2025-10-10
Open Full Technical Breakdown
Threat Entry Updated 2025-07-22

CVE-2025-6585 - Wp Jobhunt Plugin

The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the cs_remove_profile_callback() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete accounts of other users including admins.

PLUGIN Wp Jobhunt

CVE-2025-6585

HIGH CVSS 8.1 2025-07-22
Open Full Technical Breakdown
Threat Entry Updated 2025-07-08

CVE-2024-11286 - Wp Jobhunt Plugin

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated attackers to to log in to any user's account, including administrators.

PLUGIN Wp Jobhunt

CVE-2024-11286

CRITICAL CVSS 9.8 2025-03-14
Open Full Technical Breakdown
Threat Entry Updated 2025-07-08

CVE-2024-11285 - Wp Jobhunt Plugin

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the account_settings_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.

PLUGIN Wp Jobhunt

CVE-2024-11285

CRITICAL CVSS 9.8 2025-03-14
Open Full Technical Breakdown
Threat Entry Updated 2025-07-08

CVE-2024-11284 - Wp Jobhunt Plugin

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the account_settings_save_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

PLUGIN Wp Jobhunt

CVE-2024-11284

CRITICAL CVSS 9.8 2025-03-14
Open Full Technical Breakdown
Threat Entry Updated 2025-07-08

CVE-2024-11283 - Wp Jobhunt Plugin

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to access arbitrary candidate accounts.

PLUGIN Wp Jobhunt

CVE-2024-11283

HIGH CVSS 7.5 2025-03-14
Open Full Technical Breakdown
Scroll to top