The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to access arbitrary candidate accounts.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NChimpgroup Jobcareer
APPChimpgroup≤ 7.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Powiązane podatności
CVE-2024-11284CRITICAL9.8PL ✓ten sam produkt
WP JobHunt: nieuwierzytelnione przejęcie konta i privilege escalation
CVE-2024-11285CRITICAL9.8PL ✓ten sam produkt
WP JobHunt dla WordPress – przejęcie konta przez zmianę adresu e-mail
CVE-2024-11286CRITICAL9.8PL ✓ten sam produkt
Authentication bypass w WP JobHunt – przejęcie konta administratora
CVE-2024-12810HIGH8.8ten sam produkt
The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access,...
CVE-2025-32927CRITICAL9.8PL ✓ten sam vendor
PHP Object Injection w pluginie WordPress FoodBakery (do wersji 3.3)