Unauthorized Access Vulnerability in WP Job Portal Plugin
CVE-2024-11715
9.8CRITICAL
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 14 December 2024
What is CVE-2024-11715?
The WP Job Portal plugin for WordPress suffers from a serious flaw due to inadequate capability checks in the assignUserRole() function. This oversight allows unauthenticated attackers to gain unauthorized access, potentially elevating their privileges to that of an employer. Exploitation of this vulnerability could lead to unauthorized alterations or misuse of the recruitment system, making it crucial for users to upgrade to the latest version to mitigate risks.
Affected Version(s)
WP Job Portal – A Complete Recruitment System for Company or Job Board website * <= 2.2.2