WordPress Plugin Vulnerabilities

JobSearch WP Job Board < 1.8.2 - Unauthenticated Plugin's Settings Update

Description

The save_locsettings function, hooked to the init action (which will therefore run each time the blog is loaded) could allow unauthenticated users to modify the plugin's settings

Affects Plugins

Plugin icon
wp-jobsearch
Fixed in 1.8.2

References

CVE
CVE-2021-4352
URL
https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Jerome Bruandet
Verified
Yes
WPVDB ID
ed7e664e-5a73-4d2d-a599-a0be89d6c2d1

Timeline

Publicly Published
2021-10-05 (about 2 years ago)
Added
2021-10-05 (about 2 years ago)
Last Updated
2023-06-08 (about 11 months ago)

Other

Published
Title
Published
2021-09-30
Title
JS Job Manager < 1.1.9 - Unauthenticated Arbitrary Plugin Installation/Activation
Published
2021-04-30
Title
Download Manager < 3.1.23 - Unauthorised Asset Manager Usage
Published
2020-12-14
Title
Total Upkeep by BoldGrid < 1.14.10 - Sensitive Data Disclosure (Server IP Address, UID etc)
Published
2021-01-12
Title
WP Quick FrontEnd Editor <= 5.5 - Authenticated Settings Change leading to Stored XSS
Published
2020-08-21
Title
Contact Form - Form builder by Kali Forms < 2.1.2 - Authenticated Plugin's Settings Change