Unauthorized Data Access in Jobify WordPress Theme by Astoundify
CVE-2024-13698

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: Jobify - Job Board WordPress Theme
Vendor: CVE Published:; 24 January 2025

Summary

The Jobify - Job Board WordPress Theme is exposed to a significant security risk due to a lack of capability verification in its 'download_image_via_ai' and 'generate_image_via_ai' functionalities. This oversight allows unauthenticated attackers to send web requests to arbitrary locations, potentially leading to the unauthorized uploading of image files and misuse of the site's OpenAI API key. This vulnerability is present in all versions up to and including 4.2.7, necessitating immediate attention from users to mitigate potential data breaches.

Affected Version(s)

Jobify - Job Board WordPress Theme * <= 4.2.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://themeforest.net/item/jobify-wordpress-job-board-t...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 24, 2025
Vulnerability Reserved
Jan 24, 2025

Credit

Lucio Sá