    6 vulnerabilities found for Noo JobMonster by Unknown

    CVE-2025-5397 (GCVE-0-2025-5397)

    Vulnerability from nvd – Published: 2025-10-31 06:42 – Updated: 2026-04-08 16:59
    Title
    Jobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication Bypass
    Summary
    The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them. This makes it possible for unauthenticated attackers to bypass standard authentication and access administrative user accounts. Please note that social login needs to be enabled in order for a site to be impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Impacted products
    Vendor Product Version
    Unknown Noo JobMonster Affected: 0 , ≤ 4.8.1 (semver)
    Credits
    Thái An

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5397",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T14:28:51.783763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-31T14:40:20.080Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Noo JobMonster",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Th\u00e1i An"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user\u0027s identity prior to successfully authenticating them  This makes it possible for unauthenticated attackers to bypass standard authentication and access administrative user accounts. Please note social login needs to be enabled in order for a site to be impacted by this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:59:58.036Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fa4aa8d-d7f1-4e91-bb2c-c9f80a4bb216?source=cve"
            },
            {
              "url": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-30T18:40:35.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Jobmonster - Job Board WordPress Theme \u003c= 4.8.1 - Authentication Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-5397",
        "datePublished": "2025-10-31T06:42:54.832Z",
        "dateReserved": "2025-05-30T16:34:42.983Z",
        "dateUpdated": "2026-04-08T16:59:58.036Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-1170 (GCVE-0-2022-1170)

    Vulnerability from nvd – Published: 2022-04-04 15:36 – Updated: 2024-08-02 23:55
    Title
    JobMonster < 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting
    Summary
    In the Noo JobMonster WordPress theme before 4.5.2.9, there is an XSS vulnerability because the input for the search form is provided through unsanitized GET requests.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Impacted products
    Vendor Product Version
    Unknown Noo JobMonster Affected: 4.5.2.9 , < 4.5.2.9 (custom)
    Credits
    Daniel Ruf

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.223Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/2ecb18e6-b575-4a20-bd31-94d24f1d1efc"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Noo JobMonster",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "4.5.2.9",
                  "status": "affected",
                  "version": "4.5.2.9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniel Ruf"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-04T15:36:11.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/2ecb18e6-b575-4a20-bd31-94d24f1d1efc"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "JobMonster \u003c 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1170",
              "STATE": "PUBLIC",
              "TITLE": "JobMonster \u003c 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Noo JobMonster",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.5.2.9",
                                "version_value": "4.5.2.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniel Ruf"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446",
                  "refsource": "MISC",
                  "url": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446"
                },
                {
                  "name": "https://wpscan.com/vulnerability/2ecb18e6-b575-4a20-bd31-94d24f1d1efc",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/2ecb18e6-b575-4a20-bd31-94d24f1d1efc"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1170",
        "datePublished": "2022-04-04T15:36:11.000Z",
        "dateReserved": "2022-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1166 (GCVE-0-2022-1166)

    Vulnerability from nvd – Published: 2022-04-04 15:36 – Updated: 2024-08-02 23:55
    Title
    JobMonster < 4.6.6.1 - Directory Listing in Upload Folder
    Summary
    The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen.
    Severity
    No CVSS data available.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Impacted products
    Vendor Product Version
    Unknown Noo JobMonster Affected: 4.5.2.9 , < 4.5.2.9 (custom)
    Credits
    Daniel Ruf

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.352Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/ea6646ac-f71f-4340-965d-fab272da5189"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Noo JobMonster",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "4.5.2.9",
                  "status": "affected",
                  "version": "4.5.2.9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniel Ruf"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people\u0027s resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-04T15:36:05.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/ea6646ac-f71f-4340-965d-fab272da5189"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "JobMonster \u003c 4.6.6.1 - Directory Listing in Upload Folder",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1166",
              "STATE": "PUBLIC",
              "TITLE": "JobMonster \u003c 4.6.6.1 - Directory Listing in Upload Folder"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Noo JobMonster",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.5.2.9",
                                "version_value": "4.5.2.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniel Ruf"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people\u0027s resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/ea6646ac-f71f-4340-965d-fab272da5189",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/ea6646ac-f71f-4340-965d-fab272da5189"
                },
                {
                  "name": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446",
                  "refsource": "MISC",
                  "url": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1166",
        "datePublished": "2022-04-04T15:36:05.000Z",
        "dateReserved": "2022-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-5397 (GCVE-0-2025-5397)

    Vulnerability from cvelistv5 – Published: 2025-10-31 06:42 – Updated: 2026-04-08 16:59
    Title
    Jobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication Bypass
    Summary
    The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them. This makes it possible for unauthenticated attackers to bypass standard authentication and access administrative user accounts. Please note that social login needs to be enabled in order for a site to be impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Impacted products
    Vendor Product Version
    Unknown Noo JobMonster Affected: 0 , ≤ 4.8.1 (semver)
    Credits
    Thái An

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5397",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T14:28:51.783763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-31T14:40:20.080Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Noo JobMonster",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Th\u00e1i An"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user\u0027s identity prior to successfully authenticating them  This makes it possible for unauthenticated attackers to bypass standard authentication and access administrative user accounts. Please note social login needs to be enabled in order for a site to be impacted by this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:59:58.036Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fa4aa8d-d7f1-4e91-bb2c-c9f80a4bb216?source=cve"
            },
            {
              "url": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-30T18:40:35.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Jobmonster - Job Board WordPress Theme \u003c= 4.8.1 - Authentication Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-5397",
        "datePublished": "2025-10-31T06:42:54.832Z",
        "dateReserved": "2025-05-30T16:34:42.983Z",
        "dateUpdated": "2026-04-08T16:59:58.036Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-1170 (GCVE-0-2022-1170)

    Vulnerability from cvelistv5 – Published: 2022-04-04 15:36 – Updated: 2024-08-02 23:55
    Title
    JobMonster < 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting
    Summary
    In the Noo JobMonster WordPress theme before 4.5.2.9, there is an XSS vulnerability because the input for the search form is provided through unsanitized GET requests.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Impacted products
    Vendor Product Version
    Unknown Noo JobMonster Affected: 4.5.2.9 , < 4.5.2.9 (custom)
    Credits
    Daniel Ruf

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.223Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/2ecb18e6-b575-4a20-bd31-94d24f1d1efc"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Noo JobMonster",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "4.5.2.9",
                  "status": "affected",
                  "version": "4.5.2.9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniel Ruf"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-04T15:36:11.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/2ecb18e6-b575-4a20-bd31-94d24f1d1efc"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "JobMonster \u003c 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1170",
              "STATE": "PUBLIC",
              "TITLE": "JobMonster \u003c 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Noo JobMonster",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.5.2.9",
                                "version_value": "4.5.2.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniel Ruf"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446",
                  "refsource": "MISC",
                  "url": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446"
                },
                {
                  "name": "https://wpscan.com/vulnerability/2ecb18e6-b575-4a20-bd31-94d24f1d1efc",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/2ecb18e6-b575-4a20-bd31-94d24f1d1efc"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1170",
        "datePublished": "2022-04-04T15:36:11.000Z",
        "dateReserved": "2022-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1166 (GCVE-0-2022-1166)

    Vulnerability from cvelistv5 – Published: 2022-04-04 15:36 – Updated: 2024-08-02 23:55
    Title
    JobMonster < 4.6.6.1 - Directory Listing in Upload Folder
    Summary
    The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen.
    Severity
    No CVSS data available.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Impacted products
    Vendor: Unknown
    Product: Noo JobMonster
    Version: Affected: 4.5.2.9, < 4.5.2.9 (custom)
    Credits
    Daniel Ruf

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.352Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/ea6646ac-f71f-4340-965d-fab272da5189"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Noo JobMonster",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "4.5.2.9",
                  "status": "affected",
                  "version": "4.5.2.9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniel Ruf"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people\u0027s resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-04T15:36:05.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/ea6646ac-f71f-4340-965d-fab272da5189"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "JobMonster \u003c 4.6.6.1 - Directory Listing in Upload Folder",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1166",
              "STATE": "PUBLIC",
              "TITLE": "JobMonster \u003c 4.6.6.1 - Directory Listing in Upload Folder"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Noo JobMonster",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.5.2.9",
                                "version_value": "4.5.2.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniel Ruf"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people\u0027s resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/ea6646ac-f71f-4340-965d-fab272da5189",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/ea6646ac-f71f-4340-965d-fab272da5189"
                },
                {
                  "name": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446",
                  "refsource": "MISC",
                  "url": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1166",
        "datePublished": "2022-04-04T15:36:05.000Z",
        "dateReserved": "2022-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }