HIGH🇬🇧 English

CVE-2024-12810

CVSS 8.8v3.1pub. 2025-03-14upd. 2025-03-27

The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, generate backups, restore backups, update theme options, and reset theme options to default settings.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Chimpgroup Jobcareer

    APP
    Chimpgroup
    ≤ 7.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-11284CRITICAL9.8PL ✓ten sam produkt

WP JobHunt: nieuwierzytelnione przejęcie konta i privilege escalation

CVE-2024-11285CRITICAL9.8PL ✓ten sam produkt

WP JobHunt dla WordPress – przejęcie konta przez zmianę adresu e-mail

CVE-2024-11286CRITICAL9.8PL ✓ten sam produkt

Authentication bypass w WP JobHunt – przejęcie konta administratora

CVE-2024-11283HIGH7.5ten sam produkt

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and includin...

CVE-2025-32927CRITICAL9.8PL ✓ten sam vendor

PHP Object Injection w pluginie WordPress FoodBakery (do wersji 3.3)