Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-19487 | 1 Wp-jobhunt Project | 1 Wp-jobhunt | 2019-04-01 | 5.0 MEDIUM | 7.5 HIGH |
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users. | |||||
CVE-2018-19488 | 1 Wp-jobhunt Project | 1 Wp-jobhunt | 2019-04-01 | 7.5 HIGH | 9.8 CRITICAL |
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account. |