Thevietronin

**Name of the Vulnerable Software and Affected Versions** myCred versions prior to 3.0.5 **Description** Improper neutralization of input during web page generation allows for stored Cross-site Scripting (XSS), a condition where malicious scripts are permanently stored on the target server and executed in the browser of users who view the affected page. **Recommendations** Update to a version newer than 3.0.4.

**Name of the Vulnerable Software and Affected Versions** Classified Listing versions prior to 5.3.9 **Description** An improper limitation of a pathname to a restricted directory, known as Path Traversal, allows for arbitrary file download. This occurs when the application fails to properly validate user-supplied input used to construct a file path, enabling access to files outside the intended directory. **Recommendations** Update to a version newer than 5.3.8.

**Name of the Vulnerable Software and Affected Versions** GiveWP versions prior to 4.14.6 **Description** Improper neutralization of input during web page generation in Liquid Web / StellarWP GiveWP allows for DOM-Based Cross-site Scripting (XSS), a flaw where the application contains client-side JavaScript that processes data from an untrusted source in an unsafe way, typically by writing the data to a dangerous sink. **Recommendations** Update to a version newer than 4.14.5.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.5.1 **Description** WeGIA is a Web Manager for Institutions. A SQL Injection issue exists in the `/html/funcionario/dependente listar.php` API endpoint, specifically through the `id funcionario` parameter. Successful exploitation allows attackers to execute arbitrary SQL commands, potentially compromising the database's confidentiality, integrity, and availability. **Recommendations** Update to version 3.5.1 or later.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.5.1 **Description** WeGIA is a web management application for institutions. A Reflected Cross-Site Scripting (XSS) issue exists in the `/html/atendido/cadastro atendido parentesco pessoa nova.php` API endpoint. Attackers can inject malicious scripts through the `idatendido` parameter. **Recommendations** Update to version 3.5.1 or later.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.5.1 **Description** WeGIA is a Web Manager for Institutions. A SQL Injection issue exists in the `/html/funcionario/cadastro funcionario pessoa existente.php` API endpoint, specifically affecting the `cpf` parameter. Successful exploitation allows attackers to execute arbitrary SQL commands, potentially compromising the database's confidentiality, integrity, and availability. **Recommendations** Update to version 3.5.1 or later.

**Name of the Vulnerable Software and Affected Versions** The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress versions up to, and including, 2.2.8 **Description** The issue is related to Insecure Direct Object Reference, which allows authenticated attackers with Subscriber-level access and above to remove profile photos from users' accounts via the `deleteUserPhoto()` function. This is due to missing validation on a user-controlled key. The attack does not officially delete the file. **Recommendations** For versions up to, and including, 2.2.8, consider disabling the `deleteUserPhoto()` function until a patch is available to prevent exploitation. Restrict access to the `deleteUserPhoto()` function to minimize the risk of unauthorized profile photo removal.

Name of the Vulnerable Software and Affected Versions: reNgine versions up to and including 2.20 Description: An unrestricted project deletion vulnerability in reNgine allows attackers with specific roles, such as `penetration tester` or `auditor`, to delete all projects in the system. This can lead to a complete system takeover by redirecting the attacker to the onboarding page, where they can add or modify users, including Sys Admins, and configure critical settings like API keys and user preferences. Recommendations: For versions up to and including 2.20, update to version 2.21 to resolve the issue. As a temporary workaround, consider restricting access to the `penetration tester` and `auditor` roles to minimize the risk of exploitation. Restrict access to the onboarding page to prevent attackers from adding or modifying users and configuring critical settings. Avoid using the vulnerable project deletion feature until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress versions up to, and including, 2.2.6 **Description** The issue is related to an Insecure Direct Object Reference vulnerability. This vulnerability is due to the lack of validation on a user-controlled key in the `deleteCompanyLogo()` function. As a result, unauthenticated attackers can delete arbitrary company logos. **Recommendations** For versions up to, and including, 2.2.6, update to a version higher than 2.2.6 to resolve the issue. As a temporary workaround, consider disabling the `deleteCompanyLogo()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress versions up to, and including, 2.2.6 **Description** The issue is related to unauthorized arbitrary email sending due to a missing capability check on the `sendEmailToJobSeeker()` function. This allows unauthenticated attackers to send arbitrary emails with arbitrary content from the site's mail server. **Recommendations** For versions up to, and including, 2.2.6, consider disabling the `sendEmailToJobSeeker()` function until a patch is available to prevent unauthorized email sending. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress versions up to, and including, 2.2.6 **Description** The issue concerns an Insecure Direct Object Reference vulnerability. This vulnerability arises due to missing validation on a user-controlled key, specifically through the `getresumefiledownloadbyid()` and `getallresumefiles()` functions. As a result, unauthenticated attackers can download users' resumes without proper authorization. **Recommendations** For versions up to, and including, 2.2.6, update to a version higher than 2.2.6 to resolve the issue. As a temporary workaround, consider disabling the `getresumefiledownloadbyid()` and `getallresumefiles()` functions until a patch is available. Restrict access to resume download functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress versions up to, and including, 2.2.6 **Description** The issue is related to Insecure Direct Object Reference, which affects the plugin due to missing validation on a `key` controlled by the user. This allows authenticated attackers with Employer-level access and above to delete other users' companies via the `enforcedelete()` function. **Recommendations** For versions up to, and including, 2.2.6, consider disabling the `enforcedelete()` function until a patch is available to prevent unauthorized deletion of companies. Restrict access to the `enforcedelete()` function to minimize the risk of exploitation. Avoid using the `key` variable in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress versions up to, and including, 2.2.6 **Description** The issue is related to Insecure Direct Object Reference, which allows authenticated attackers with employer-level access and above to delete arbitrary data. This is possible due to missing validation on a user-controlled key via the `jobenforcedelete` endpoint. **Recommendations** For versions up to, and including, 2.2.6, consider disabling the `jobenforcedelete` endpoint until a patch is available to prevent arbitrary deletion of data. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `jobenforcedelete` endpoint with user-controlled input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Job Portal plugin versions prior to 2.2.3 **Description** The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the `fieldfor`, `visibleParent`, and `id` parameters due to insufficient escaping on user-supplied parameters and lack of sufficient preparation on existing SQL queries. This allows authenticated attackers with Administrator-level access and above to append additional SQL queries into already existing queries, which can be used to extract sensitive information from the database. **Recommendations** For versions prior to 2.2.3, update to the latest version to mitigate risks. As a temporary workaround, consider restricting access to the `fieldfor`, `visibleParent`, and `id` parameters to minimize the risk of exploitation. Additionally, ensure that only necessary personnel have Administrator-level access and above to reduce the attack surface.

**Name of the Vulnerable Software and Affected Versions** WP Job Portal – A Complete Recruitment System plugin for WordPress versions up to, and including, 2.2.2 **Description** The WP Job Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the `assignUserRole()` function. This allows unauthenticated attackers to elevate their privileges to that of an employer. **Recommendations** For versions up to, and including, 2.2.2, update to a version later than 2.2.2 to resolve the issue. As a temporary workaround, consider disabling the `assignUserRole()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WP Job Portal plugin versions prior to 2.2.3 **Description** The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the `ff` parameter of the `getFieldsForVisibleCombobox()` function due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. **Recommendations** For versions prior to 2.2.3, update to the latest version to mitigate risks. As a temporary workaround, consider restricting access to the `getFieldsForVisibleCombobox()` function until a patch is available. Avoid using the `ff` parameter in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WP Job Portal plugin for WordPress versions up to, and including, 2.2.2 **Description** The issue is related to SQL Injection via the `page id` parameter of the `wpjobportal deactivate()` function due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This allows authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. **Recommendations** For versions up to, and including, 2.2.2, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the `wpjobportal deactivate()` function until a patch is available. Avoid using the `page id` parameter in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WP Job Portal – A Complete Recruitment System plugin for WordPress versions up to, and including, 2.2.2 **Description** The WP Job Portal plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `getResumeFileDownloadById()` function. This makes it possible for unauthenticated attackers to download other users' resumes. **Recommendations** For versions up to, and including, 2.2.2, update to a version later than 2.2.2 to resolve the issue. As a temporary workaround, consider disabling the `getResumeFileDownloadById()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WP Job Portal plugin for WordPress versions prior to 2.2.3 **Description** The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the `resumeid` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. **Recommendations** Update to version 2.2.3 to secure your site. As a temporary workaround, consider restricting access to the `resumeid` parameter to minimize the risk of exploitation.