CVE-2024-13372 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all…
Medium CVSS: 5.3

CVE-2024-13372

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the getresumefiledownloadbyid() and getallresumefiles() functions due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to download users resumes without the appropriate authorization to do so.
Vendor
Wpjobportal
Product
Wp Job Portal
CWE
CWE-639
Yayın Tarihi
2025-02-01 08:15:09
Güncelleme
2025-02-05 16:11:08
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-639 Wp Job Portal MEDIUM Wpjobportal 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/3229608/wp-job-portal/tags/2.2.7/modules/resume/controller.php?old=3216415&old_path=wp-job-portal%2Ftags%2F2.2.6%2Fmodules%2Fresume%2Fcontroller.php https://www.wordfence.com/threat-intel/vulnerabilities/id/e00e65ba-db58-4d13-8cb3-c4d62a2553fb?source=cve