Vulnerabilities in WP Job Portal Plugin Could Allow Attacks
CVE-2024-7950

9.8 CRITICAL

Summary

The WP Job Portal plugin for WordPress is susceptible to Local File Inclusion vulnerabilities that allow unauthorized attackers to include and execute arbitrary files on the server. The flaw is reachable through several functions invoked by the 'checkFormRequest' function, and any PHP code within the included files is executed. The vulnerability can also be used to bypass access controls, expose sensitive data, and update arbitrary settings, including the creation of user accounts with default Administrator roles, even when user registration is disabled. This poses a significant risk to WordPress installations running the affected plugin versions.

Affected Version(s)

WP Job Portal – A Complete Recruitment System for Company or Job Board website * <= 2.1.6

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Connor Billings