CVE-2023-6584: 
WordPress vulnerability analysis and mitigation

The WP JobSearch WordPress plugin before version 2.3.4 contains an authentication bypass vulnerability (CVE-2023-6584) that was discovered and publicly disclosed on November 24, 2023. This vulnerability affects all installations of the WP JobSearch plugin prior to version 2.3.4 and allows attackers to bypass authentication mechanisms (WPScan, NVD).

The vulnerability is classified as an authentication bypass (AUTHBYPASS) with a CVSS v3.1 score of 7.5 (HIGH) and is mapped to CWE-287 (Improper Authentication). The vulnerability allows attackers to log in as any user by only knowing their email address. The exploit can be executed through a specific POST request to the wp-admin/admin-ajax.php endpoint using the 'jobsearch_facebook_get_soc_login_url' action (WPScan).

When successfully exploited, this vulnerability allows unauthorized users to gain authenticated access to any user account on the affected WordPress installation, including administrator accounts, by only knowing the target user's email address. This can lead to complete site compromise and unauthorized access to sensitive information (WPScan).

The vulnerability has been fixed in WP JobSearch plugin version 2.3.4. Site administrators are strongly advised to update to this version or later to protect against this authentication bypass vulnerability (WPScan).