Privilege Escalation Vulnerability in WP JobHunt Plugin for WordPress
CVE-2024-11284

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: WP Jobhunt
Vendor: CVE Published:; 14 March 2025

Summary

The WP JobHunt plugin is susceptible to privilege escalation due to improper validation of user identities when updating passwords via the account_settings_save_callback() function. This flaw allows unauthenticated attackers to change the passwords of any user, including those with administrative privileges, thus facilitating unauthorized access to their accounts. Users are advised to implement security measures and update to the latest version to mitigate this risk.

Affected Version(s)

WP JobHunt * <= 7.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://themeforest.net/item/jobcareer-job-board-responsi...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 14, 2025
Vulnerability Reserved
Nov 15, 2024

Credit

Tonn