CVE-2024-12132

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-639
View all →

Vulnerability Description

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create jobs for companies that are unaffiliated with the attacker.

Related Vulnerabilities

CVE-2017-0920

MEDIUM
CVSS:4.3(Medium)

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an...

CWE-6392017

CVE-2017-15195

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.

CWE-6392017

CVE-2017-15196

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.

CWE-6392017

CVE-2017-15197

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.

CWE-6392017

CVE-2017-15199

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.

CWE-6392017

CVE-2017-15200

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.

CWE-6392017