pdf_info 0.5.3 is vulnerable to Command Execution.

RubyGems.org is the Ruby community’s gem hosting service. Instantly publish your gems and then install them. Use the API to find out more about available gems. Become a contributor and improve the site yourself.

RubyGems.org is made possible through a partnership with the greater Ruby community. Fastly provides bandwidth and CDN support, Ruby Central covers infrastructure costs, and Ruby Together funds ongoing development and ops work. Learn more about our sponsors and how they work together.

We need your help to fund the developer time that keeps RubyGems.org running smoothly for everyone. Join Ruby Together today.

CVE-2022-36231: pdf_info | RubyGems.org | your community gem host

CSF 2.0 blueprint offered up for public review

CSF 2.0 blueprint offered up for public review

ANALYSIS The US National Institute of Standards and Technology (NIST) is planning significant changes to its Cybersecurity Framework (CSF) – the first in five years, and the biggest reform yet.

First published in 2014 and updated to version 1.1 in 2018, the CSF provides a set of guidelines and best practices for managing cybersecurity risks. The framework is designed to be flexible and adaptable rather than prescriptive, and is widely used by organizations and government agencies, both within and outside the US, to create cybersecurity programs and measure their maturity.

Following a long consultation, NIST has published a concept paper (pdf) for CSF 2.0 and opened it up to further review. The resulting feedback will be used to develop a final draft of the revised framework, due out sometime this summer.

“We think that there's been enough changes in the cybersecurity landscape to warrant a significant update this time around," says Cherilyn Pascoe, senior technology policy advisor at NIST and Cybersecurity Framework Program lead.

“There have been changes in cybersecurity standards, including those published by NIST but also elsewhere; there's been significant changes in the risk landscape and in technologies. And so even though the vast majority of our respondents said they still like the framework, there were a number of changes that folks are looking for, and so we thought it was time for us to do a refresh."

Cherilyn Pascoe, senior technology policy advisor at NIST and Cybersecurity Framework Program lead

**Expanded audience**

One notable change is who the framework is aimed towards. Since the publication of CSF 1.1, the US Congress has explicitly directed NIST to consider the needs of small businesses and higher education institutions, beyond its original target demographic of critical national infrastructure organizations (in utilities, telecoms, transport, banking etc).

"The scope was originally for critical infrastructure, as defined under \[a US President\] Executive Order, but over time lots of organizations have started to use it," says Pascoe.

"We don't want organizations to have to make that determination about whether or not they're critical infrastructure, which is sometimes a legal issue that comes with additional burdens, and so were proposing to broaden it to all organizations."

There are also plans to increase international collaboration, and encourage more countries to adopt the framework, either in full or in part.

Sign up to Daily Swig Deserialized, our new fortnightly rundown of web security, bug bounty, and hacking culture news

Meanwhile, a new ‘Govern’ function will join the existing five precepts – Identify, Protect, Detect, Respond, and Recover – with the aim of positioning cybersecurity risk alongside other enterprise risks such as threats to financial stability.

The new function would include determination of the priorities and risk tolerances of the organization, its customers, and larger society; assessment of cybersecurity risks and impacts; the establishment of cybersecurity policies and procedures; and an evaluation of cybersecurity roles and responsibilities.

“There has been a lot of work to better understand how cybersecurity risk can be incorporated as part of other enterprise risks, so alongside financial risk; the importance of senior leadership being aware of cybersecurity risks and the policies and procedures that would need to be in place to address cybersecurity," says Pascoe.

“I think there's become much more awareness that cybersecurity is not just a technical issue and that it's something that needs to be addressed by the upper levels of the organization,” she added.

This addition is largely a response to the growing use of the framework to structure discussions about cybersecurity risk between technologists and senior managers.

**Joined-up thinking**

One issue highlighted during the request for information was the need to improve the alignment of the framework with other NIST and non-NIST security programmes, such as the Risk Management Framework and Workforce Framework for Cybersecurity.

Respondents also called for more practical guidance on applying the framework, leading to a new section focused on implementation examples. While the framework remains focused on high level outcomes rather than specific processes, according to Pascoe, “these examples will help give a starting point for organizations to think about different ways that they can implement the higher level subcategory outcomes”.

**Risk management**

For the first time, the new framework will have a significant focus on supply chain risk management, helping and encouraging organizations to address third-party risks of all kinds, from cloud computing to computers, software and networking equipment, along with the non-technology supply chain.

However, says Pascoe, there are mixed opinions about how to do this: in particular, whether cybersecurity supply chain management should be integrated into the framework's existing structures or split off as a separate function.

“Everyone thinks yes, this is a really important issue, but feedback was mixed, so we've said let's think some more about this and how to address it,” she says.

“It sometimes goes by sector, and is sometimes based off their existing regulatory requirements; so, for example, the financial sector is very regulated for cybersecurity and they have existing third party requirements that they're hoping to see within the framework, so they're probably the most vocal about wanting a significant expansion for third party \[responsibilities\].”

**Measure for measure**

CSF 2.0 is also set to include more guidance on measurement and assessment, with a common taxonomy and lexicon to communicate the outcome of an organization's measurement and assessment efforts, regardless of the underlying risk management process.

"NIST is a measurement science agency and so we're always striving to develop tools to measure things – but cybersecurity measurement is probably one of the hardest things that we've ever tackled,” says Pascoe.

Catch up with the latest cybersecurity policy and legislation news

“Organizations are asking the question: 'Now that I've used the framework for a decade, how do I know that my cybersecurity posture is improving and the actions that I'm taking are beneficial to reduce the risk?''"

The plan is to provide additional guidance about how to do access levels of security maturity – some in CSF 2.0 itself, and some in separate guidance.

**Privacy, zero trust conundrums**

NIST decided not to merge its privacy framework with the CSF after consulting stakeholders, although Pascoe says that could be a move for a future CSF 3.0 given increasing "overlap between the two”.

Pascoe foresees disagreement, or at least significant further discussion, on topics such as the applicability within the framework of zero trust – a network security concept that urges organizations not to trust any device by default, regardless of whether it sits outside or inside an organization’s perimeter.

NIST’s view is that zero trust need not be incorporated into the framework, even though applying the architecture is a priority for the Biden administration.

**Vendor neutral?**

Another area still very much up for discussion is NIST's proposal to keep the framework technology- and vendor-neutral, with some calling for it to address specific topics, technologies, and applications.

"The framework has always been tech-neutral, but organizations are looking for more guidance when they are, say, leveraging cloud or leveraging the internet of things or operational technologies,” says Pascoe.

“And so that one's going to be a really particular struggle to make sure that we are remaining tech-neutral, while also not excluding any particular systems - but I think there are a number of organizations that were looking for us to go further than that, and have specific guidance for each of these technologies.”

Comments on the proposals can be submitted to NIST at cyberframework@nist.gov until March 3, with a draft planned for summer, followed by a public review.

“So we're going to try and find consensus where we can, but some of these changes on governance and supply chain are really large. Hopefully we'll be able to find a solution,” Pascoe concluded.

YOU MAY ALSO LIKE Belgium will protect ethical hackers under a nationwide safe harbor framework

NIST plots biggest ever reform of Cybersecurity Framework

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.

CVE-2023-22974: OpenEMR Patches - OpenEMR Project Wiki

pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.

closed

 

**Potential XSS from URL and URL Table alias URLs**

Category:

Aliases / Tables

Plus Target Version:

22.05

**Description**

The URL from a URL or URL Table type alias is not sanitized before display on firewall_alias.php, which can potentially lead to a stored XSS when viewing the list of aliases on the **URL** or **All** tabs.

The URL from a URL table alias is also not sanitized when included in the alias popup on various firewall and NAT rule pages, but that mechanism has its own safety measures which prevent it from being a concern there. Even so, it's best to encode it in the popup.

*   History
*   Notes
*   Property changes
*   Associated revisions

*   **Status** changed from _New_ to _Feedback_
*   **% Done** changed from _0_ to _100_

*   **Status** changed from _Feedback_ to _Resolved_

No issues on current snapshots

*   **Private** changed from _Yes_ to _No_

Also available in: Atom PDF

CVE-2022-29273: Bug #13060: Potential XSS from URL and URL Table alias URLs - pfSense

Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

CVE-2023-0933

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

CVE-2023-26314: #972146 - /usr/share/applications/mono-runtime-common.desktop: should not handle MIME type by executing arbitrary code (CVE-2023-26314)

By Deeba Ahmed
The bugs allowed cybercriminals to bypass the iOS system's security protections and execute unauthorized code. 
This is a post from HackRead.com Read the original post: Apple Bug Could Allow Attackers Access to Photos and Messages

The findings are based on previous research from Google and Citizen Lab conducted in 2021 which discovered a zero-click, zero-day iOS exploit dubbed “ForcedEntry,” linked to the Israeli NSO Group.

Apple devices and products are known for their advanced security mechanisms, particularly the iPhone and Macbook. However, the latest research reveals that even Apple products aren’t safe from the prying eyes of threat actors.

Researchers at the cybersecurity firm Trellix Advanced Research Center have disclosed details of a newly discovered privilege escalation bug class that, if exploited, could allow an attacker to sweep up call history, messages, and photos from the device.

According to researchers, the bugs allowed cybercriminals to bypass the iOS system’s security protections and execute unauthorized code. The security flaws were ranked as medium to high in terms of security.

Trellix’s vulnerability research director, Doug McKee, stated that although Apple has addressed the issue, the concern is that these vulnerabilities allow bypassing of Apple’s security model at a “fundamental level.”

Apple said the bugs weren’t exploited in the wild before being fixed.

**How Was the Bug Discovered?**

The findings are based on previous research from Google and Citizen Lab conducted in 2021. The organizations discovered a zero-click, zero-day iOS exploit dubbed “ForcedEntry,” linked to NSO Group.

This was a highly sophisticated exploit found on a Saudi activist’s iPhone and was used for installing Pegasus malware developed by the NSO Group. The same spyware was also found on the iPhones of nine State Department officials in the United States.

This exploit had two key features: first, it tricked the iPhone into opening a malicious PDF disguised as a GIF file. Secondly, it enabled attackers to evade the sandbox that Apple introduced to prevent apps from accessing data from other apps or other parts of the device.

This second feature of ForcedEntry was the basis of Trellix’s research from senior vulnerability researcher Austin Emmitt. A proof-of-concept was released to demonstrate how the bugs could be exploited.

**Vulnerabilities**

Emmitt discovered a new class of vulnerabilities revolving around the NSPredicate tool that filters code within Apple’s systems. This tool was first exploited in ForcedEntry, as the 2021 research revealed, and Apple introduced new measures to prevent this abuse.

However, the mitigation methods were insufficient, as Trellix researchers found that these methods could also be bypassed since bugs in the NSPredicate class were found in multiple places in macOS and iOS systems.

This includes the Springboard app, which manages the home screen on an iPhone and can access photos, location data, and the camera. After exploiting the bugs, the attacker could access places they could not otherwise invade. Attackers trying to exploit it need to gain an initial foothold into the device.

Vulnerabilities in NSPredicate were discovered in macOS 13.2 and iOS 16.3, and Apple patched them with software updates in January. The company also issued CVEs for these flaws—CVE-2023-23530 and CVE-2023-23531—and released new versions of macOS and iOS.

1.  Apple AirTags used as trojan for credential hacking
2.  iOS Devices Receive Vital Security Updates from Apple
3.  Charging cable remotely steals data from Apple devices
4.  55 Apple bugs risked iCloud account takeover, data theft
5.  Study: Android sends more data to Google than iOS to Apple

Apple Bug Could Allow Attackers Access to Photos and Messages

JFrog argues vulnerability risk metrics need complete revamp

JFrog argues vulnerability risk metrics need complete revamp

ANALYSIS Weaknesses in the existing CVSS scoring system have been highlighted through new research, with existing metrics deemed responsible for “overhyping” some vulnerabilities.

So-called “overinflated” ratings are potentially eating up the limited time of cybersecurity teams who may then not be focused on the bugs most likely to impact their organizations in favor of issues deemed critical across the board.

Catch up with the latest security vulnerability research and analysis

An analysis, put together by security tools vendor JFrog, involved accessing the popular Common Vulnerability Scoring System (CVSS), an open industry standard framework for assessing the severity of security problems. The system is managed by the non-profit Forum of Incident Response and Security Teams (FIRST) with the National Vulnerability Database (NVD) providing CVSS scores for confirmed vulnerabilities.

JFrog’s analysis, which focused on accessing the impact of security bugs in open source software, concluded that public CVSS impact metrics may be oversimplifying the risk posed by vulnerabilities because it lacks context, among other factors.

**Critical assessment**

According to the report (PDF), “Analysis of Open Source Security Vulnerabilities Most Impactful to DevOps and DevSecOps Teams”, there is a “discrepancy” between public severity ratings and the internal JFrog assessments of the top 50 CVEs of 2022.

JFrog’s security researchers say that in ‘most’ cases, the company’s own CVE (Common Vulnerabilities and Exposures) severity assessment is lower than the rating assigned in the NVD – “meaning oftentimes these vulnerabilities are being overhyped”.

For example, a buffer overrun in X.509 certificate verification, CVE-2022-3602 (CVSS 7.5), was of grave concern – until the release of the exploit’s technical details, which showed there was a marginal real-world impact, according to the researchers.

In total, 64% of the top 50 CVEs were given a lower JFrog severity rating, whilst 90% received a lower or equal rating.

**Context dependant**

JFrog says that many NVD security ratings were “undeserved” as they were not as simple to exploit as reported. Furthermore, many of the analyzed vulnerabilities required complex configuration environments or particular conditions for a successful attack.

Another criticism made by the cybersecurity firm is that there may be a lack of context when assigning CVE attack complexity metrics. For example, considering how potentially vulnerable software is deployed, the network environment, how the software is used, or whether a vulnerable API could end up parsing untrusted data should all be analyzed. The result is that severity ratings might either be set either too high or too low.

**Misdirecting priorities risk**

JFrog also observed that 10 of the most prevalent vulnerabilities in 2022 impacting the enterprise tended to have low severity ratings and so are either regarded as a lower priority for enterprise IT teams and open source project maintainers – so remediation work is either delayed or (worse) entirely disregarded.

If a bug is considered too small to bother with, developers may not create a patch, which JFrog says can only increase the number of affected systems over time. In contrast, if a CVSS rating is high but the real-world impact is considered minuscule, the threat level could be faulted as misleading.

Speaking to The Daily Swig, Shachar Menashe, senior director of security research at JFrog, said the best solution would be to update the CVSS standard to contain fields that would provide more context, such as exploitability in default configurations and whether or not there are context-dependent attack vectors.

Menashe added:

“Since everybody already uses CVSS this is the path of least resistance. CVSS v4.0 has been in the works for a very long time, but it still does not have a concrete availability date.

“On top of that, NVD needs to be more open to CNA-submitted CVSS scores (the CNA-submitted CVSS is ignored many times). There’s also another new comparative scheme – EPSS, but I think its viability hasn’t been proven yet, and its implementation is very opaque, so we can only wait and judge it by empirical results in the future.”

Sign up to Daily Swig Deserialized, our new fortnightly rundown of web security, bug bounty, and hacking culture news

Many cybersecurity experts acknowledge that the existing CVSS system is limited, and experience is what fills the gaps during vulnerability assessments. The quantitative research carried out by JFrog backs the “gut feeling” of many infosec professionals that the current vulnerability scoring system needs a revamp.

**FIRST responder**

Asked about JFrog’s critique, Chris Gibson, executive director of FIRST, said that in general, “scoring providers supply ‘reasonable worst case’ base scores, and rely on the consumers to mitigate (lower) the final score”.

Temporal threat information, asset criticality, compensating controls – such as firewall filters – and other environmental scores are “designed to lower the score to a more apt, applicable level, according to Gibson.

“Third parties, such as JFrog, can help consumers by providing threat intelligence (temporal score), allowing the use of the full CVSS score to better track patch priority and technical risk.”

Asked about potential improvements, Gibson said CVSS v4.0 is “coming soon” and will include a method for product developers to provide supplementary urgency ratings, leading to “a more accurate representation of the urgency of the vulnerability in their implementation, rather than relying on the OSS library provider’s worst-case scoring”.

“The CVSS system can be useful as long as its shortcomings are kept in mind. For instance, CVSS might score a vulnerability without considering important contextual factors like the environment in which it was found and the potential commercial or operational impact.”

Prashanth Samudrala, VP of product management at AutoRABIT, told The Daily Swig: “The system relies on currently available information, which means it could make decisions based on incomplete or incorrect information. While the CVSS system can be helpful, it should be used alongside other means of evaluation to get an accurate assessment.”

YOU MAY ALSO LIKE ‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector

CVSS system criticized for failure to address real-world impact

Security researchers found a class of flaws that, if exploited, would allow an attacker to access people’s messages, photos, and call history.

For years, Apple has hardened the security systems on iPhones and Macs. But no company is immune from such issues. Research reveals a new class of bugs that can affect Apple’s iPhone and Mac operating systems and if exploited could allow an attacker to sweep up your messages, photos, and call history.

Researchers from security firm Trellix’s Advanced Research Center are today publishing details of a bug that could allow criminal hackers to break out of Apple’s security protections and run their own unauthorized code. The team says the security flaws they found—which they rank as medium to high severity—bypass protections Apple had put in place to protect users.

“The key thing here is the vulnerabilities break Apple’s security model at a fundamental level,” says Doug McKee, director of vulnerability research at Trellix. McKee says that finding the new bug class means researchers and Apple will potentially be able to find more similar bugs and improve overall security protections. Apple has fixed the bugs the company found, and there is no evidence they were exploited.

Trellix’s findings build on previous work by Google and Citizen Lab, a University of Toronto research facility. In 2021, the two organizations discovered ForcedEntry, a zero-click, zero-day iOS exploit that was linked to Israeli spyware maker NSO Group. (The exploit, described as highly sophisticated, was found on the iPhone of a Saudi activist and used to install NSO’s Pegasus malware.)

Analysis of ForcedEntry showed it involved two key parts. The first tricked an iPhone into opening a malicious PDF that was disguised as a GIF. The second part allowed attackers to escape Apple’s sandbox, which keeps apps from accessing data stored by other apps and from accessing other parts of the device. Trellix’s research, by senior vulnerability researcher Austin Emmitt, focuses on that second part and ultimately used the flaws he found to bypass the sandbox.

Specifically, Emmitt found a class of vulnerabilities that revolve around NSPredicate, a tool that can filter code within Apple’s systems. NSPredicate was first abused in ForcedEntry, and as a result of that research in 2021, Apple introduced new ways to stop the abuse. However, those don’t appear to have been enough. “We discovered that these new mitigations could be bypassed,” Trellix says in a blog post outlining the details of its research.

McKee explains that the bugs within this new NSPredicate class existed in multiple places across macOS and iOS, including within Springboard, the app that manages the iPhone’s home screen and can access location data, photos, and the camera. Once the bugs are exploited, the attacker can access areas that are meant to be closed off. A proof-of-concept video published by Trellix shows how the vulnerabilities can be exploited. 

The new class of bugs “brings a lens to an area that people haven’t been researching before because they didn’t know it existed,” McKee says. “Especially with that backdrop of ForcedEntry because somebody at that sophistication level already was leveraging a bug in this class.”

Crucially, any attacker trying to exploit these bugs would require an initial foothold into someone’s device. They would need to have found a way in before being able to abuse the NSPredicate system. (The existence of a vulnerability doesn’t mean that it has been exploited.)

Apple patched the NSPredicate vulnerabilities Trellix found in its macOS 13.2 and iOS 16.3 software updates, which were released in January. Apple has also issued CVEs for the vulnerabilities that were discovered: CVE-2023-23530 and CVE-2023-23531. Since Apple addressed these vulnerabilities, it has also released newer versions of macOS and iOS. These included security fixes for a bug that was being exploited on people’s devices. Make sure you update your iPhone, iPad, and Mac each time a new version of the operating system becomes available.

A New Kind of Bug Spells Trouble for iOS and macOS Security

The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.

Superio – Job Board WordPress theme is a complete Job Board WordPress theme that allows you to create a useful and easy to use job listings website. Using Superio theme, you can create a complete & fully Responsive job portal, career platform to run human resource management, recruitment or job posting website. Superio is not just a job board theme, it’s the best WordPress job portal template choice for anyone who wants a simple job script that makes money.

**Features**

*   Fields Manager
*   Indeed Jobs Import
*   Career builder Jobs Import
*   Careerjet Jobs Import
*   Ziprecruiter Jobs Import
*   **Restrict Job**  
    **\- View job page:**
    *   All (Users, Guests)
    *   All Register Users
    *   Register Candidates (All registered candidates can view jobs.)
    *   Always Hidden
*   **Restrict Candidate**  
    **\- View candidate page:**
    
    *   All (Users, Guests)
    *   All Register Users
    *   Only Applicants (Employer can view only their own applicants candidates.)
    *   Register Employers (All registered employers can view candidates.)
    *   Register Employers with package (Registered employers who purchased CV Package can view candidates.)
    
    **\- View candidate contact info:**
    *   All (Users, Guests)
    *   All Register Users
    *   Only Applicants (Employer can view only their own applicants candidates.)
    *   Register Employers (All registered employers can view candidates.)
    *   All users can view candidate, but only employers with package can see contact info (Users who purchased Contact Package can see contact info.)
*   **Restrict Employer**  
    **\- View candidate page:**
    
    *   All (Users, Guests)
    *   All Register Users
    *   Only Applicants (Candidate can view only their own applicants employers.)
    *   Register Candidates (All registered candidates can view employers.)
    *   Always Hidden
    
    **\- View candidate contact info:**
    *   All (Users, Guests)
    *   All Register Users
    *   Only Applicants (Candidate can view only their own applicants employers.)
    *   Register Candidates (All registered candidates can view employers.)
    *   Always Hidden
*   Add a job in frontend
*   Highly Customizable
*   Extensive Admin Interface
*   One click Demo Import
*   No coding knowledge required
*   Page Templates
*   Responsive & Retina Ready
*   Large collection of useful inner pages
*   Choose your grid size
*   Boxed layout option
*   Powerful typography options
*   Translation ready
*   WooCommerce compatible
*   Powerful sorting options for job listings and resumes
*   Multiple ways of showcasing job listings and resumes
*   Listing List shortcode
*   Listing Search shortcode
*   Listing Advanced Search shortcode
*   Listing Simple Search shortcode
*   Resume List shortcode
*   Resume Advanced Search shortcode
*   User login
*   User Dashboard page template
*   Facebook, Google, Twitter, LinkedIn login
*   Facebook, Google, Twitter, LinkedIn apply job
*   Pricing Tables shortcode
*   Comparison Pricing Tables shortcode
*   Smooth Page Transitions
*   Fontawsome & Flaticon
*   User Login Form
*   User Notification
*   Meeting Zoom
*   Here maps
*   Google maps
*   Mapbox maps

**Updates History:**

**Version 1.2.37 – 13 February 2023**

\* Updated preview job
\* Updated apply job
\* Updated reviews
\* Fixed datepicker in register form

**Version 1.2.36 – 07 January 2023**

\* Updated WooCommerce
\* Updated upload file
\* Update apply job
\* Updated RSS job

**Version 1.2.35 – 19 December 2022**

\* Updated WooCommerce
\* Updated Download CV
\* Updated Filter
\* Updated PHP warning

**Version 1.2.34 – 29 November 2022**

\* Updated job apply
\* Fixed error application when deleting candidate, job

**Version 1.2.33 – 11 November 2022**

\* Fixed apply for a job

**Version 1.2.32 – 07 November 2022**

\* Updated WooCommerce
\* Updated meeting form
\* Updated register form
\* Updated message in email template
\* Added notifications in header mobile
\* Fixed scheduled meeting

**Version 1.2.31 – 19 October 2022**

\* Update candidate filter tag
\* Update filter custom date field
\* Updated experience field
\* Updated cancel package
\* Updated private message

**Version 1.2.30 – 20 September 2022**

\* Updated WooCommerce
\* Updated candidate tag default

**Version 1.2.29 – 13 September 2022**

\* Updated packages
\* Updated upload file

**Version 1.2.28 – 25 August 2022**

\* Updated theme style
\* Updated calendar
\* Updated Notification
\* Updated currency

**Version 1.2.27 – 04 August 2022**

\* Updated email template
\* Updated Fields Manager

**Version 1.2.26 – 26 July 2022**

\* Updated pricing page
\* Updated application deadline
\* Updated thanks email content

**Version 1.2.25 – 20 July 2022**

\* Updated required custom field
\* Updated google job structure data
\* Updated application deadline

**Version 1.2.24 – 11 July 2022**

\* Updated job RSS feed
\* Added thanks email after applied job
\* Updated notification
\* Updated elementor element
\* Updated restrict candidate contact form

**Version 1.2.23 – 28 June 2022**

\* Updated shortlist candidate name
\* Fixed remove emloyee

**Version 1.2.22 – 13 June 2022**

\* Updated related jobs
\* Updated job map logo
\* Added telegram, discord social network

**Version 1.2.21 – 04 June 2022**

\* Updated multiple select field
\* Updated Apus Posts element
\* Updated register password
\* Updated plugin settings

**Version 1.2.20 – 18 May 2022**

\* Updated Theme Font
\* Updated widgets
\* Updated employer url
\* Updated socials link
\* Updated user description

**Version 1.2.19 – 09 May 2022**

\* Fixed Login user
\* Updated meeting zoom email varibales

**Version 1.2.18 – 04 May 2022**

\* Updated filter custom fields multiple select
\* Updated datepicker
\* Updated meeting date
\* Added restrict Employer, Candidate fields
\* Updated register form

**Version 1.2.17 – 03 May 2022**

\* Fixed employer url

**Version 1.2.16 – 29 April 2022**

\* Updated breadcrumbs url
\* Added filled label
\* Improved Apus Team element
\* Fixed create meetings in Approved tab

**Version 1.2.15 – 27 April 2022**

\* Updated date format
\* Updated filter custom field
\* Added option for Job Slug, Employer slug, Candidate slug
\* Update import employer, candidate
\* Added recapthcha login
\* Add hidden Job title, Candidate title, Employer title
\* Updated show/hide password in login/change password form
\* Updated location display

**Version 1.2.14 – 21 April 2022**

\* Updated employer job count
\* Updated employer url
\* Updated cache taxonomy
\* Updated date format
\* Updated invite email variables
\* Updated register password
\* Updated send email contact subject
\* Fixed upload file
\* Fixed upload cv apply

**Version 1.2.13 – 04 April 2022**

\* Updated theme style
\* Updated mobile menu label
\* Updated register candidate, register employer
\* Updated RSS feed
\* Updated submit job package

**Version 1.2.12 – 24 March 2022**

\* Updated Elementor
\* Updated Application Dealine

**Version 1.2.11 – 22 March 2022**

\* Updated WooCommerce login/register
\* Added Job Expired, Candidate Expired page
\* Updated shortlist job
\* Updated shortlist candidate
\* Updated candidate filter form
\* Updated employer filter form

**Version 1.2.10 – 10 March 2022**

\* Fixed Employer dashboard
\* Fixed jobs applications

**Version 1.2.9 – 03 March 2022**

\* Updated related Job
\* Updated Related Candidate
\* Updated Register Employer, Candidate
\* Updated apply without login

**Version 1.2.8 – 24 February 2022**

\* Updated jobs category
\* Updated Logout User
\* Updated import employer, candidate

**Version 1.2.7 – 10 February 2022**

\* Update footer menu style
\* Update language

**Version 1.2.6 – 20 January 2022**

\* Updated Jobs page url, Candidates page url, Employer page url
\* Updated candidate download his resume
\* Updated meetings message
\* Fixed filter taxonomy page

**Version 1.2.5 – 17 January 2022**

\* Add Register Tabs
\* Fixed create Employee
\* Fixed invite candidate

**Version 1.2.4 – 12 January 2022**

\* Updated Resume builder
\* Fixed invite candidate apply job

**Version 1.2.3 – 11 January 2022**

\* Fixed PHP error
\* Updated Invited Candidate
\* Added Autocomplete search

**Version 1.2.2 – 05 January 2022**

\* Updated logo thumbnail
\* Updated multiple languages
\* Updated Rest API

**Version 1.2.1 – 20 December 2021**

\* Updated Apus Posts element
\* Updated filter button
\* Updated taxonomy select2
\* Updated candidate profile
\* Updated job alert
\* Updated candidate alert

**Version 1.2.0 – 07 December 2021**

\* Added more 7 Home pages
\* Added Phone field for Job
\* Added select search taxonomy
\* Added Invite Candidate Apply Job
\* Add multi currencies
\* Updated recaptcha
\* Updated breadcrumbs
\* Improved filled job

**Version 1.1.16 – 16 November 2021**

\* Added Call to Apply
\* Updated Employer Dashboard
\* Fixed candidate category banner
\* Fixed user packages

**Version 1.1.15 – 05 November 2021**

\* Fixed WPML
\* Updated Google Struct Data
\* Updated Job Alert, Candidate Alert

**Version 1.1.14 – 15 October 2021**

\* Updated apply CV
\* Updated contact email
\* Updated WPML
\* Updated salary filter

**Version 1.1.13 – 15 October 2021**

\* Updated megamenu fullwidth
\* Updated My Jobs page
\* Updated Job EMployer Info
\* Add option enable/disable Upload CV in Apply form
\* Fixed Resume PDF
\* Updated salary slider
\* Add show/hide Employer profile
\* Update upload filte types

**Version 1.1.12 – 29 September 2021**

\* Updated experience date
\* Updated packages sort
\* Updated social login
\* Updated submit job slug
\* Improved salary display
\* Improved job filled

**Version 1.1.11 – 16 September 2021**

\* Fixed Employee user
\* Fixed job applications
\* Fixed restrict candidates
\* Updated filter job, employer, candidate
\* Updated candidate salary
\* Updated resume creation pdf
\* Updated user password
\* Updated Employer categories
\* Updated header mobile options

**Version 1.1.10 – 09 September 2021**

\* Fixed private message
\* Fixed load more jobs, candidates, employers
\* Fixed maps
\* Fix price currency
\* Fixed job alert
\* Fixed register form
\* Updated user short profile
\* Updated locations
\* Updated candidate shortlist
\* Updated custom fields
\* Updated translate

**Version 1.1.9 – 24 August 2021**

\* Updated Pagination Load More
\* Updated Apply Types Field
\* Added option to change background color for Urgent, Featured items

**Version 1.1.8 – 23 August 2021**

\* Updated region field
\* Updated upload file
\* Fixed price currency
\* Updated breadcrumbs
\* Updated locations
\* Updated pagination

**Version 1.1.7 – 12 August 2021**

\* Updated Employer dashboard
\* Updated filter jobs, candidates, employers
\* Added show full phone
\* Added options show header desktop in mobile

**Version 1.1.6 – 05 August 2021**

\* Added Notifications for Employer, Candidate Dashboard
\* Updated string translate
\* Updated Restrict Candidate, Employer 
\* Updated region orderby

**Version 1.1.5 – 30 July 2021**

\* Fixed User packages
\* Added tags field for Candidate
\* Updated Candidate single page
\* Updated settings page

**Version 1.1.4 – 22 July 2021**

\* Added job logo field

**Version 1.1.3 – 20 July 2021**

\* Added Apply job without login
\* Added Required Label
\* Updated upload file

**Version 1.1.2 – 13 July 2021**

\* Updated pricing packages
\* Updated my jobs page
\* Updated job applied status
\* Updated candidate dashboard
\* Updated header mobile

**Version 1.1.1 – 08 July 2021**

\* Updated User Profile
\* Updated package
\* Updated Register form
\* Updated Employer dashboard chart

**Version 1.1.0 – 01 July 2021**

\* Added Meeting Zoom
\* Added Notification
\* Added register from settings
\* Added Here Maps
\* Fixed private message
\* Update filter form

**Version 1.0.13 – 16 June 2021**

\* Added show job field by package
\* Added show more button for taxonomy checklist, radio
\* Fixed CV file url
\* Fixed candidate dashboard
\* Updated theme style

**Version 1.0.12 – 15 June 2021**

\* Added dashboard chart
\* Updated filter
\* Updated login/register form
\* Updated font icon for custom field
\* Fixed number item per page
\* Improved style for no breadcrumbs

**Version 1.0.11 – 11 June 2021**

\* Updated Job, Candidate, Employer video
\* Updated Jobs, employers, candidates page with no breadcrumbs

**Version 1.0.10 – 10 June 2021**

\* Update select2 javascript

**Version 1.0.9 – 08 June 2021**

\* Update theme style
\* Fixed job maps in job preview

**Version 1.0.8 – 05 June 2021**

\* Update job application

**Version 1.0.7 – 29 May 2021**

\* Update responsive
\* Updated search jobs form
\* Updated job email apply

**Version 1.0.6 – 27 May 2021**

\* Update fields
\* Updated filter job
\* Fixed submit job

**Version 1.0.5 – 25 May 2021**

\* Updated theme style
\* Updated custom field display
\* Updated apply job
\* Fixed edit job

**Version 1.0.4 – 25 May 2021**

\* Updated theme style
\* Updated theme options
\* Improve fields manager

**Version 1.0.3 – 24 May 2021**

\* Updated register user
\* Update email template

**Version 1.0.2 – 22 May 2021**

\* Updated Import Demo Data

**Version 1.0.1 – 21 May 2021**

\* Updated Import Demo Data
\* Updated theme style

**Version 1.0.0 – 20 May 2021**

\* First release

Tag

#pdf