CVE-2025-1315

Critical CVSS: 9.8

The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

Vendor

Sfwebservice

Product

Injob

CWE

CWE-288

Yayın Tarihi

2025-03-07 09:15:16

Güncelleme

2025-03-13 15:00:51

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-288 Injob CRITICAL Sfwebservice 2025

Referanslar

https://themeforest.net/item/injob-job-board-wordpress-theme/20322987 https://www.wordfence.com/threat-intel/vulnerabilities/id/e49c7b2a-5241-4762-b7c9-c33b1ac4a668?source=cve