ReportizFlow
Filtered by vendor Uxper
Subscriptions
Filtered by product Civi
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13771 | 1 Uxper | 1 Civi | 2025-04-03 | 9.8 Critical |
| The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change the password of arbitrary users, including administrators, if the attacker knows the username of the victim. | ||||
| CVE-2024-13772 | 1 Uxper | 1 Civi | 2025-03-28 | 5.6 Medium |
| The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of randomization of a password created during Single Sign-On via Google or Facebook. This makes it possible for unauthenticated attackers to change the password of arbitrary Candidate-level users if the attacker knows the username assigned to the victim during account creation. | ||||
| CVE-2024-13773 | 1 Uxper | 1 Civi | 2025-03-27 | 7.3 High |
| The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys. | ||||
Page 1 of 1.