HIGH🇵🇱 Wersja polska

CVE-2024-11283

CVSS 7.5v3.1pub. 2025-03-14upd. 2025-07-08

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to access arbitrary candidate accounts.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Chimpgroup Jobcareer

    APP
    Chimpgroup
    ≤ 7.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-11284CRITICAL9.8PL ✓ten sam produkt

WP JobHunt: nieuwierzytelnione przejęcie konta i privilege escalation

CVE-2024-11285CRITICAL9.8PL ✓ten sam produkt

WP JobHunt dla WordPress – przejęcie konta przez zmianę adresu e-mail

CVE-2024-11286CRITICAL9.8PL ✓ten sam produkt

Authentication bypass w WP JobHunt – przejęcie konta administratora

CVE-2024-12810HIGH8.8ten sam produkt

The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access,...

CVE-2025-32927CRITICAL9.8PL ✓ten sam vendor

PHP Object Injection w pluginie WordPress FoodBakery (do wersji 3.3)