CVE-2021-4364 - OpenCVE

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eyecix	Jobsearch Wp Job Board

Configuration 1 [-]

cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability/
https://wpscan.com/vulnerability/7e2dd5df-f758-419c-bfb8-b8e53235fede
https://www.wordfence.com/threat-intel/vulnerabilities/id/9114018f-0678-4973-bb1e-932f0d93f963?source=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-06-07T01:51:30.752Z

Updated: 2024-08-03T17:23:10.675Z

Reserved: 2023-06-06T12:57:42.635Z

Link: CVE-2021-4364

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-06-07T02:15:14.543

Modified: 2023-11-07T03:40:47.313

Link: CVE-2021-4364

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-4364", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-06-06T12:57:42.635Z", "datePublished": "2023-06-07T01:51:30.752Z", "dateUpdated": "2024-08-03T17:23:10.675Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-06-07T01:51:30.752Z"}, "affected": [{"vendor": "https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856", "product": "JobSearch WP Job Board", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "1.8.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9114018f-0678-4973-bb1e-932f0d93f963?source=cve"}, {"url": "https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability/"}, {"url": "https://wpscan.com/vulnerability/7e2dd5df-f758-419c-bfb8-b8e53235fede"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jerome Bruandet"}], "timeline": [{"time": "2021-10-05T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:23:10.675Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9114018f-0678-4973-bb1e-932f0d93f963?source=cve", "tags": ["x_transferred"]}, {"url": "https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability/", "tags": ["x_transferred"]}, {"url": "https://wpscan.com/vulnerability/7e2dd5df-f758-419c-bfb8-b8e53235fede", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "19D7A456-5B97-4178-8D27-C6B4365EBDD0", "versionEndIncluding": "1.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls."}], "id": "CVE-2021-4364", "lastModified": "2023-11-07T03:40:47.313", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2023-06-07T02:15:14.543", "references": [{"source": "security@wordfence.com", "tags": ["Exploit"], "url": "https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://wpscan.com/vulnerability/7e2dd5df-f758-419c-bfb8-b8e53235fede"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9114018f-0678-4973-bb1e-932f0d93f963?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}