Authorization Bypass Through User-Controlled Key Vulnerability Affects WP Job Portal
CVE-2024-43266

8.8HIGH

Key Information:

Vendor: WordPress
Status: WP Job Portal
Vendor: CVE Published:; 18 August 2024

What is CVE-2024-43266?

The WP Job Portal plugin for WordPress is susceptible to an authorization bypass vulnerability, where user-controlled keys can be exploited to gain unauthorized access to restricted areas of the application. This issue impacts all versions up to 2.1.6, potentially allowing attackers to manipulate access controls and retrieve sensitive information without proper authentication.

Affected Version(s)

WP Job Portal <= 2.1.6

References

https://patchstack.com/database/vulnerability/wp-job-port...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2024
Vulnerability Reserved
Aug 9, 2024

Credit

LuxF0z (Patchstack Alliance)