CVE-2018-19487

Name of the Vulnerable Software and Affected Versions WP-jobhunt plugin versions prior to 2.4

Description The issue concerns the lack of control over AJAX requests sent to the cs employer ajax profile() function through the "admin-ajax.php" file. This allows remote unauthenticated attackers to enumerate information about users.

Recommendations For WP-jobhunt plugin versions prior to 2.4, update to version 2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin-ajax.php" file to minimize the risk of exploitation.