The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-17T21:36:47
Updated: 2024-08-05T11:37:11.508Z
Reserved: 2018-11-23T00:00:00
Link: CVE-2018-19487
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-03-21T16:00:31.140
Modified: 2024-11-21T03:58:00.197
Link: CVE-2018-19487
Redhat
No data.