JobSearch WP Job Board < = 1.8.1 - Missing Authorization on jobsearch_update_job_import_schedule_call() function

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

访问控制不恰当

WordPress Plugin JobSearch WP Job Board 安全漏洞

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin JobSearch WP Job Board 存在安全漏洞，该漏洞源于缺少对 jobsearch_add_job_import_schedule_call() 函数的功能检查，因此容易受到授权绕过的影响。

N/A

N/A