CRITICAL🇵🇱 Wersja polska

CVE-2024-11284

CVSS 9.8v3.1pub. 2025-03-14upd. 2025-07-08

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the account_settings_save_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

🤖 AI Analysis
How it works

The account_settings_save_callback() function responsible for changing the user password does not properly verify the identity of the person sending the request. An attacker without any credentials can send a crafted password change request for a selected account (e.g., administrator). After changing the password, the attacker logs in to the compromised account, gaining full access to its permissions.

Impact

An attacker can take control of any WordPress account, including administrator accounts, which in practice means complete takeover of the website — content modification, backdoor installation, and access to user data.

Mitigation & patch

The WP JobHunt plugin should be updated to a version higher than 6.9. Patches available from the vendor should be applied according to the references. Until the update is applied, it is recommended to consider disabling the plugin or restricting access to the website at the firewall level.

Who is affected

WP JobHunt plugin for WordPress in all versions up to and including 6.9, distributed as part of the Jobcareer theme (Chimpgroup)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Chimpgroup Jobcareer

    APP
    Chimpgroup
    ≤ 7.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassLPE
CWE
References

Related vulnerabilities

CVE-2024-11285CRITICAL9.8PL ✓ten sam produkt

WP JobHunt dla WordPress – przejęcie konta przez zmianę adresu e-mail

CVE-2024-11286CRITICAL9.8PL ✓ten sam produkt

Authentication bypass w WP JobHunt – przejęcie konta administratora

CVE-2024-11283HIGH7.5ten sam produkt

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and includin...

CVE-2024-12810HIGH8.8ten sam produkt

The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access,...

CVE-2025-32927CRITICAL9.8PL ✓ten sam vendor

PHP Object Injection w pluginie WordPress FoodBakery (do wersji 3.3)