WP-jobhunt

Vulnerabilities 12Slug wp-jobhuntPlugin page →

Minimum safe version

7.7

Update to 7.7 or later to address 4 fixable vulnerabilities

⚠ 8 vulnerabilities have no fix

High 7.6 Unfixed

2025-12-20≤ 7.7

WP JobHunt <= 7.7 - Missing Authorization to Authenticated (Candidate+) Stored Cross-Site Scripting via 'status'

Wordfence EUVD CVE

Medium 4.3 Unfixed

2025-12-20≤ 7.7

WP JobHunt <= 7.7 - Authenticated (Candidate+) Insecure Direct Object Reference

Wordfence EUVD CVE

Medium 6.4

2025-10-09< 7.7

WP JobHunt <= 7.6 - Authenticated (Candidate+) Stored Cross-Site Scripting via ‘cs_job_title’

Wordfence CVE

Medium 5.4

2025-10-09< 7.7

WP JobHunt <= 7.6 Authenticated (Custom+) Authorization Bypass

Wordfence CVE

High 8.1 Unfixed

2025-07-22≤ 7.2

WP JobHunt <= 7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Account Deletion

EUVD Wordfence CVE

Medium 5.3 Unfixed

2025-05-16≤ 7.1

WordPress Better Customer List for WooCommerce Plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability

CVE EUVD Wordfence

Critical 9.8 Unfixed

2025-03-14≤ 7.1

WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover

CVE EUVD Wordfence

Critical 9.8 Unfixed

2025-03-14≤ 7.1

WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover

CVE EUVD Wordfence

High 7.5 Unfixed

2025-03-14≤ 7.1

WP JobHunt <= 7.1 - Authentication Bypass to Candidate

CVE EUVD Wordfence

Critical 9.8 Unfixed

2025-03-14≤ 7.1

WP JobHunt <= 7.1 - Authentication Bypass

CVE EUVD Patchstack Wordfence

Critical 9.8

2019-03-17< 2.4

CVE-2018-19488

CVE Wordfence WPScan

High 7.5

2019-03-17< 2.4

CVE-2018-19487

CVE Wordfence