JobCareer < 2.4.1 – User enumeration & Reset password | CVE 2018-19487 | Plugin Vulnerabilities

Description

The theme used a vulnerable version of the WP-jobhunt plugin affected by the issues below:

CVE-2018-19487:

The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users.

CVE-2018-19488:

The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account.

Affects Plugins

Fixed in 2.4

Affects Themes

Fixed in 2.4.1

References

CVE

CVE

URL

https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636

URL

https://github.com/Antho59/wp-jobhunt-exploit

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Anthony MAESTRE

Submitter

Anthony MAESTRE

Verified

No

WPVDB ID

53968e61-6b81-4fcd-85ef-5d0854873c36

Timeline

Publicly Published

2018-12-04 (about 7 years ago)

Added

2019-01-25 (about 7 years ago)

Last Updated

2020-12-09 (about 5 years ago)

Other

Published

Title

Published

2022-05-18

Title

JupiterX < 2.0.7 & JupiterX Core < 2.0.7 - Subscriber+ Arbitrary Plugin Deactivation and Settings Update

Published

2025-03-06

Title

VK Blocks < 1.95.0.3 - Missing Authorization to Sensitive Information Exposure

Published

2024-05-01

Title

Contact Form by WPForms – Drag & Drop Form Builder for WordPress < 1.8.8.2 - Unauthenticated Price Manipulation

Published

2021-11-15

Title

User Meta Shortcodes <= 0.5 - Contributor+ Unauthorized Arbitrary User Metadata Access

Published

2019-07-10

Title

WP-GraphQL < 0.3.5 - Improper Access Control