Vulnerabilities > WP Jobhunt Project > WP Jobhunt > 1.1.6

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2018-19488 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wp-Jobhunt Project Wp-Jobhunt
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account.
network
low complexity
wp-jobhunt-project CWE-640
7.5
7.5
2019-03-21 CVE-2018-19487 Information Exposure vulnerability in Wp-Jobhunt Project Wp-Jobhunt
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users.
network
low complexity
wp-jobhunt-project CWE-200
5.0
5.0