Authentication Bypass Vulnerability in JobSearch WP Job Board Plugin for WordPress
CVE-2024-11917

8.1HIGH

Key Information:

Vendor: WordPress
Status: Jobsearch WP Job Board
Vendor: CVE Published:; 25 April 2025

What is CVE-2024-11917?

The JobSearch WP Job Board plugin for WordPress is susceptible to an authentication bypass, allowing unauthenticated users to gain access under certain conditions. This vulnerability arises from improper configurations within the callback functions, particularly 'jobsearch_xing_response_data_callback', 'set_access_tokens', and 'google_callback'. Attackers can exploit this flaw to log in as the first connected user from both Xing and Google platforms if proper logout procedures are not followed within a thirty-day window. A partial patch was implemented in version 2.8.4, but vulnerabilities remain in earlier versions.

Affected Version(s)

JobSearch WP Job Board * <= 2.9.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://codecanyon.net/item/jobsearch-wp-job-board-wordpr...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2025
Vulnerability Reserved
Nov 27, 2024

Credit

Friderika Baranyai