Unauthenticated Attackers Can Easily Escalate Privileges on JobSearch WP Job Board Plugin
CVE-2024-11925

9.8 CRITICAL

Key Information:

Vendor
WordPress
CVE Published:
28 November 2024

Summary

The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation because the user_account_activation function does not adequately verify a user's identity during the email address verification process. All versions up to and including 2.6.7 are affected. An unauthenticated attacker who knows a registered user's email address can log in as that user, potentially including a site administrator. This poses a significant risk to WordPress sites running the plugin, and affected installations should be secured promptly.

Affected Version(s)

JobSearch WP Job Board * <= 2.6.7

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tonn