Ultimatemember - Jobboardwp CVE - OpenCVE

Filtered by vendor Ultimatemember Subscriptions

Filtered by product Jobboardwp Subscriptions

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-39329	1 Ultimatemember	1 Jobboardwp	2024-09-16	5.5 Medium
The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVE-2022-4061	1 Ultimatemember	1 Jobboardwp	2024-08-03	7.5 High
The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.

Page 1 of 1.