CVE-2018-19488

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: WP-jobhunt
Vendor: CVE Published:; 21 March 2019

Summary

The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account.

References

https://wpvulndb.com/vulnerabilities/9206

x_refsource_MISC

https://github.com/Antho59/wp-jobhunt-exploit

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 21, 2019
Vulnerability Reserved
Nov 23, 2018