Unauthorized Access and Data Loss in JobCareer WordPress Theme by WordPress
CVE-2024-12810

8.8HIGH

Key Information:

Vendor
WordPress
Status
Jobcareer | Job Board Responsive WordPress Theme
Vendor
CVE Published:
14 March 2025

Summary

The JobCareer | Job Board Responsive WordPress Theme is susceptible to unauthorized access and data manipulation due to inadequate capability checks in its functions. Authenticated users with Subscriber-level privileges or higher can exploit this vulnerability to delete arbitrary files, create backups, restore them, and reset theme options to factory defaults. This not only compromises data integrity but also poses a severe risk to site functionality.

Affected Version(s)

JobCareer | Job Board Responsive WordPress Theme * <= 7.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://themeforest.net/item/jobcareer-job-board-responsi...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lucio Sá
.