Unauthorized Data Access in Jobify WordPress Theme by Astoundify

CVE-2024-13698

What is CVE-2024-13698?

The Jobify - Job Board WordPress Theme is exposed to a significant security risk due to a lack of capability verification in its 'download_image_via_ai' and 'generate_image_via_ai' functionalities. This oversight allows unauthenticated attackers to send web requests to arbitrary locations, potentially leading to the unauthorized uploading of image files and misuse of the site's OpenAI API key. This vulnerability is present in all versions up to and including 4.2.7, necessitating immediate attention from users to mitigate potential data breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References