The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a users identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated attackers to to log in to any users account, including administrators.
A product requires authentication, but the product has an alternate path or channel that does not require authentication.