Email Address Vulnerability in WP JobSearch WordPress Plugin
CVE-2023-6584
Currently unrated
Key Information:
- Vendor
- Wordpress
- Status
- Vendor
- CVE Published:
- 27 February 2024
Badges
πΎ Exploit Existsπ‘ Public PoC
Summary
The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address.
Affected Version(s)
WP JobSearch 0 < 2.3.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Marc Montpas
WPScan