2025-03-14 04:22:34
Wordfence
PUBLISHED
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a users identity prior to authenticating them. This makes it possible for unauthenticated attackers to access arbitrary candidate accounts.