YOLOP0wn/wp-jobhunt-exploit

YOLOP0wn/wp-jobhunt-exploit

Releases0

Stars6

CVE-2018-19487, CVE-2018-19488, exploit for WordPress wp-jobhunt plugin

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-19487 ↗	Mar 21, 2019Thursday, 21 March 2019, 16:00	—	5 MEDIUM
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users.
CVE-2018-19488 ↗	Mar 21, 2019Thursday, 21 March 2019, 16:00	—	7.5 HIGH
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account.