9.8
CVE-2024-11925
- EPSS 0.15%
- Published 28.11.2024 07:15:05
- Last modified 28.11.2024 07:15:05
- Source security@wordfence.com
WP JobSearch <= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation
The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a user's identity when verifying an email address through the user_account_activation function. This makes it possible for unauthenticated attackers to log in as any user, including site administrators, if the user's email is known.
Possible mitigation
JobSearch WP Job Board: Update to version 2.6.8, or a newer patched version
Linked by AI from unstructured data to existing NVD CPEs
Further vulnerability information
- System: WordPress Plugin
- Product: JobSearch WP Job Board
- Version: *-2.6.7
Data is provided by the CVE Program from Authorized Data Publishers (ADP) (unstructured)
- Vendor: eyecix
- Product: jobsearch_wp_job_board
- Default status: unknown
- Version <=: 2.6.7
- Version: 0
- Status: affected
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.353 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-288 Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.