CVE-2024-11285

Critical CVSS: 9.8

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the account_settings_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.

Vendor

Chimpgroup

Product

Jobcareer

CWE

CWE-639

Yayın Tarihi

2025-03-14 05:15:40

Güncelleme

2025-07-08 15:20:09

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-639 Jobcareer CRITICAL Chimpgroup 2025

Referanslar

https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636 https://www.wordfence.com/threat-intel/vulnerabilities/id/0e61c98d-a6f4-4ac0-b9f9-2b936c030413?source=cve

Benzer Kayıtlar

Critical

CVE-2025-32927

Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery wp-foodbakery allows Object Injection.This iss…

High

CVE-2024-12810

The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modificat…

Critical

CVE-2024-11284

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, an…

Critical

CVE-2024-11286

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. Th…

High

CVE-2024-11283

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. Th…