CVE-2024-13771

Critical CVSS: 9.8

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change the password of arbitrary users, including administrators, if the attacker knows the username of the victim.

Vendor

Uxper

Product

Civi

CWE

CWE-288

Yayın Tarihi

2025-03-14 12:15:13

Güncelleme

2025-03-28 16:18:52

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-288 Civi CRITICAL Uxper 2025

Referanslar

http://localhost:1337/wp-content/themes/civi/includes/class-ajax.php#L715 https://www.wordfence.com/threat-intel/vulnerabilities/id/5ab2c74d-b83b-40ea-951c-83aeb76a7515?source=cve

Benzer Kayıtlar

High

CVE-2024-13773

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information…

Medium

CVE-2024-13772

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass…

Critical

CVE-2024-12876

The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeo…