Search criteria
4 vulnerabilities found for job_manager_\&_career by themehigh
CVE-2023-51545 (GCVE-0-2023-51545)
Vulnerability from nvd – Published: 2023-12-29 12:48 – Updated: 2024-08-02 22:40
VLAI?
Title
WordPress Job Manager & Career Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection
Summary
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments.This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4.
Severity ?
9.6 (Critical)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ThemeHigh | Job Manager & Career – Manage job board listings, and recruitments |
Affected:
n/a , ≤ 1.4.4
(custom)
|
Credits
Rafie Muhammad (Patchstack)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:32.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/job-manager-career/wordpress-job-manager-career-plugin-1-4-4-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "job-manager-career",
"product": "Job Manager \u0026 Career \u2013 Manage job board listings, and recruitments",
"vendor": "ThemeHigh",
"versions": [
{
"changes": [
{
"at": "1.4.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.4.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager \u0026amp; Career \u2013 Manage job board listings, and recruitments.\u003cp\u003eThis issue affects Job Manager \u0026amp; Career \u2013 Manage job board listings, and recruitments: from n/a through 1.4.4.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager \u0026 Career \u2013 Manage job board listings, and recruitments.This issue affects Job Manager \u0026 Career \u2013 Manage job board listings, and recruitments: from n/a through 1.4.4.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T12:48:43.690Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/job-manager-career/wordpress-job-manager-career-plugin-1-4-4-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;1.4.5 or a higher version."
}
],
"value": "Update to\u00a01.4.5 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Job Manager \u0026 Career Plugin \u003c= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-51545",
"datePublished": "2023-12-29T12:48:43.690Z",
"dateReserved": "2023-12-20T19:26:40.707Z",
"dateUpdated": "2024-08-02T22:40:32.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5906 (GCVE-0-2023-5906)
Vulnerability from nvd – Published: 2023-11-27 16:21 – Updated: 2024-08-02 08:14
VLAI?
Title
Job Manager & Career < 1.4.4 - Directory listing to Sensitive Data Exposure
Summary
The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Job Manager & Career |
Affected:
0 , < 1.4.4
(semver)
|
Credits
Dmitrii Ignatyev
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/911d495c-3867-4259-a73a-572cd4fccdde"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Job Manager \u0026 Career",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.4.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Job Manager \u0026 Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-27T16:21:59.373Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/911d495c-3867-4259-a73a-572cd4fccdde"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Job Manager \u0026 Career \u003c 1.4.4 - Directory listing to Sensitive Data Exposure",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-5906",
"datePublished": "2023-11-27T16:21:59.373Z",
"dateReserved": "2023-11-01T14:54:21.468Z",
"dateUpdated": "2024-08-02T08:14:24.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51545 (GCVE-0-2023-51545)
Vulnerability from cvelistv5 – Published: 2023-12-29 12:48 – Updated: 2024-08-02 22:40
VLAI?
Title
WordPress Job Manager & Career Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection
Summary
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments.This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4.
Severity ?
9.6 (Critical)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ThemeHigh | Job Manager & Career – Manage job board listings, and recruitments |
Affected:
n/a , ≤ 1.4.4
(custom)
|
Credits
Rafie Muhammad (Patchstack)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:32.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/job-manager-career/wordpress-job-manager-career-plugin-1-4-4-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "job-manager-career",
"product": "Job Manager \u0026 Career \u2013 Manage job board listings, and recruitments",
"vendor": "ThemeHigh",
"versions": [
{
"changes": [
{
"at": "1.4.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.4.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager \u0026amp; Career \u2013 Manage job board listings, and recruitments.\u003cp\u003eThis issue affects Job Manager \u0026amp; Career \u2013 Manage job board listings, and recruitments: from n/a through 1.4.4.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager \u0026 Career \u2013 Manage job board listings, and recruitments.This issue affects Job Manager \u0026 Career \u2013 Manage job board listings, and recruitments: from n/a through 1.4.4.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T12:48:43.690Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/job-manager-career/wordpress-job-manager-career-plugin-1-4-4-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;1.4.5 or a higher version."
}
],
"value": "Update to\u00a01.4.5 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Job Manager \u0026 Career Plugin \u003c= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-51545",
"datePublished": "2023-12-29T12:48:43.690Z",
"dateReserved": "2023-12-20T19:26:40.707Z",
"dateUpdated": "2024-08-02T22:40:32.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5906 (GCVE-0-2023-5906)
Vulnerability from cvelistv5 – Published: 2023-11-27 16:21 – Updated: 2024-08-02 08:14
VLAI?
Title
Job Manager & Career < 1.4.4 - Directory listing to Sensitive Data Exposure
Summary
The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Job Manager & Career |
Affected:
0 , < 1.4.4
(semver)
|
Credits
Dmitrii Ignatyev
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/911d495c-3867-4259-a73a-572cd4fccdde"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Job Manager \u0026 Career",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.4.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Job Manager \u0026 Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-27T16:21:59.373Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/911d495c-3867-4259-a73a-572cd4fccdde"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Job Manager \u0026 Career \u003c 1.4.4 - Directory listing to Sensitive Data Exposure",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-5906",
"datePublished": "2023-11-27T16:21:59.373Z",
"dateReserved": "2023-11-01T14:54:21.468Z",
"dateUpdated": "2024-08-02T08:14:24.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}