WordPress Plugin Vulnerabilities

WP Job Portal < 2.0.2 - Unauthenticated Settings Update

Description

The plugin does not have authorisation and CSRF checks when updating its settings, which could allow unauthenticated attackers to change them.

Affects Plugins

Plugin icon
wp-job-portal
Fixed in 2.0.2

References

CVE
CVE-2022-41786

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
eb02d338-0151-4842-bf7c-f60a507aea3a

Timeline

Publicly Published
2023-05-05 (about 2 years ago)
Added
2023-06-22 (about 2 years ago)
Last Updated
2023-08-18 (about 2 years ago)

Other

Published
Title
Published
2023-01-17
Title
MainWP Google Analytics Extension < 4.0.5 - Subscriber+ Settings Update
Published
2023-03-10
Title
RapidLoad Power-Up for Autoptimize < 1.7.2 - Unauthorised AJAX Calls
Published
2025-12-31
Title
Simple Like Page <= 1.5.3 - Missing Authorization
Published
2025-06-05
Title
Testimonials Showcase < 1.9.18 - Missing Authorization
Published
2024-11-15
Title
WP Log Viewer <= 1.2.1 - Missing Authorization