cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forcustom-field-for-wp-job-manager custom-field-for-wp-job-manager

Direction: ascending
Jun 07, 2024

Custom Field For WP Job Manager # CVE-2023-3328

CVE, Research URL

CVE-2023-3328

Home page URL

Security reports for Custom Field For WP Job Manager

Application

Custom Field For WP Job Manager

Date
Aug 15, 2023
Research Description
The Custom Field For WP Job Manager WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions
max 1.2.
Status
vulnerable

Custom Field For WP Job Manager # CVE-2023-37980

CVE, Research URL

CVE-2023-37980

Home page URL

Security reports for Custom Field For WP Job Manager

Application

Custom Field For WP Job Manager

Date
Jul 27, 2023
Research Description
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gravity Master Custom Field For WP Job Manager plugin <= 1.1 versions.
Affected versions
max 1.2.
Status
vulnerable
Aug 17, 2024

Custom Field For WP Job Manager # CVE-2023-7049

CVE, Research URL

CVE-2023-7049

Home page URL

Security reports for Custom Field For WP Job Manager

Application

Custom Field For WP Job Manager

Date
Aug 16, 2024
Research Description
The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cm_fieldshow' shortcode due to missing validation on the 'job_id' user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to expose potentially sensitive post metadata.
Affected versions
max 1.3.
Status
vulnerable
Jan 09, 2025

Custom Field For WP Job Manager # CVE-2025-22294

CVE, Research URL

CVE-2025-22294

Home page URL

Security reports for Custom Field For WP Job Manager

Application

Custom Field For WP Job Manager

Date
Jan 07, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gravity Master Custom Field For WP Job Manager allows Reflected XSS.This issue affects Custom Field For WP Job Manager: from n/a through 1.3.
Affected versions
max 1.4.
Status
vulnerable
Apr 02, 2025

Custom Field For WP Job Manager # CVE-2025-30856

CVE, Research URL

CVE-2025-30856

Home page URL

Security reports for Custom Field For WP Job Manager

Application

Custom Field For WP Job Manager

Date
Mar 27, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in theme funda Custom Field For WP Job Manager allows Cross Site Request Forgery. This issue affects Custom Field For WP Job Manager: from n/a through 1.4.
Affected versions
max 1.5.
Status
vulnerable