WordPress Plugin Vulnerabilities

WP Job Manager < 2.1.0 - Unauthenticated Job Status Update

Description

The plugin does not properly authorize the use of some endpoints, allowing an unauthenticated attacker to update job statuses.

Affects Plugins

Plugin icon
wp-job-manager
Fixed in 2.1.0

References

CVE
CVE-2023-52211
URL
https://hackerone.com/reports/2200838

Classification

Type
INCORRECT AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-863
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
db4124d8-88b3-42c7-a641-8fcfc96b9e60

Timeline

Publicly Published
2024-01-05 (about 2 years ago)
Added
2024-01-12 (about 2 years ago)
Last Updated
2024-01-12 (about 2 years ago)

Other

Published
Title
Published
2025-07-30
Title
HT Mega – Absolute Addons For Elementor < 2.9.2 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions
Published
2022-11-16
Title
SVG Support 2.5-2.5.1 - Author+ Stored XSS
Published
2025-04-24
Title
Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions
Published
2022-09-22
Title
Customer Reviews for WooCommerce < 5.3.6 - Broken Access Control
Published
2024-03-28
Title
Booking Package < 1.6.29 - Unauthenticated Price Manipulation