JS Job Manager < 2.0.1 – Multiple CSRF | CVE 2023-31087

Affects Plugins

js-jobs

Fixed in 2.0.1

References

CVE

CVE-2023-31087

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

5.4 (medium)

Miscellaneous

Original Researcher

Yuki Haruma

Verified

No

WPVDB ID

ac64691d-2485-4127-9208-3bb6e5775e12

Timeline

Publicly Published

2023-06-02 (about 2 years ago)

Added

2023-06-16 (about 2 years ago)

Last Updated

2023-06-16 (about 2 years ago)

Other

Published

Title

Published

2025-02-18

Title

Trash Duplicate and 301 Redirect < 1.9.1 - Unauthenticated Arbitrary Post Deletion

Published

2025-08-26

Title

All Bootstrap Blocks < 1.3.29 - Missing Authorization

Published

2025-12-15

Title

Photo Block < 1.6.0 - Missing Authorization

Published

2022-08-16

Title

Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS

Published

2024-07-08

Title

XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] < 1.7.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting