Authorization Bypass Vulnerability in JobSearch WP Job Board Plugin for WordPress
CVE-2021-4361

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Jobsearch WP Job Board
Vendor: CVE Published:; 7 June 2023

Summary

The JobSearch WP Job Board plugin, utilized within WordPress sites, is susceptible to an authorization bypass vulnerability. Due to a missing capability check in the jobsearch_job_integrations_settin_save AJAX action, an authenticated attacker may exploit this weakness to modify arbitrary settings on the site. This could lead to unauthorized changes and potential management of site configurations without proper permissions, emphasizing the need for timely updates and security measures.

Affected Version(s)

JobSearch WP Job Board * <= 1.8.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://blog.nintechnet.com/wordpress-jobsearch-wp-job-bo...

https://wpscan.com/vulnerability/a69aa52f-9876-4180-97a4-...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2023
Vulnerability Reserved
Jun 6, 2023

Credit

Jerome Bruandet