Unauthorized Access and Data Loss in JobCareer WordPress Theme by WordPress
CVE-2024-12810
8.8HIGH
Key Information:
- Vendor
- WordPress
- Vendor
- CVE Published:
- 14 March 2025
Summary
The JobCareer | Job Board Responsive WordPress Theme is susceptible to unauthorized access and data manipulation due to inadequate capability checks in its functions. Authenticated users with Subscriber-level privileges or higher can exploit this vulnerability to delete arbitrary files, create backups, restore them, and reset theme options to factory defaults. This not only compromises data integrity but also poses a severe risk to site functionality.
Affected Version(s)
JobCareer | Job Board Responsive WordPress Theme * <= 7.1
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Lucio Sá