The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated attackers to to log in to any user's account, including administrators.
The vulnerability results from improper user identity verification in the cs_parse_request() function. The plugin does not properly check whether the requester is actually who they claim to be before proceeding with the authentication process. As a result, an attacker can send a crafted request and obtain a session for any user without providing correct login credentials. The absence of any prerequisites (no authorization, no user interaction) makes the attack trivial to perform remotely.
An attacker can gain full control of the WordPress website by logging in as an administrator, enabling content modification, installation of malicious plugins, theft of user data, and further actions within the infrastructure.
The WP JobHunt plugin should be updated to a version higher than 7.1. Patches available from the vendor should be applied according to references. Until the update is completed, it is recommended to disable the plugin or restrict access to the website at the firewall level.
The WP JobHunt plugin for WordPress in all versions up to and including 7.1 (product associated with the Jobcareer theme by Chimpgroup).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HChimpgroup Jobcareer
APPChimpgroup≤ 7.1
Related vulnerabilities
WP JobHunt: nieuwierzytelnione przejęcie konta i privilege escalation
WP JobHunt dla WordPress – przejęcie konta przez zmianę adresu e-mail
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and includin...
The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access,...
PHP Object Injection w pluginie WordPress FoodBakery (do wersji 3.3)