CRITICAL🇵🇱 Wersja polska

CVE-2024-11285

CVSS 9.8v3.1pub. 2025-03-14upd. 2025-07-08

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the account_settings_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.

🤖 AI Analysis
How it works

The account_settings_callback() function does not properly verify user identity before updating their data. An unauthenticated attacker can call this function and change the email address of any account, including the administrator account. After changing the email address, the attacker initiates a standard password reset procedure to a new address controlled by them, and then gains full access to the compromised account (privilege escalation through account takeover).

Impact

An attacker can take full control of any WordPress account, including the administrator account, resulting in complete site takeover – ability to modify content, install backdoors, and steal user data.

Mitigation & patch

Update the WP JobHunt plugin to a version higher than 7.1 as soon as possible. Details regarding available patches should be verified in the producer's references (Wordfence and ThemeForest).

Who is affected

The WP JobHunt plugin for WordPress in all versions up to and including 7.1, used in conjunction with the Jobcareer theme (Chimpgroup).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Chimpgroup Jobcareer

    APP
    Chimpgroup
    ≤ 7.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassLPE
CWE
References

Related vulnerabilities

CVE-2024-11284CRITICAL9.8PL ✓ten sam produkt

WP JobHunt: nieuwierzytelnione przejęcie konta i privilege escalation

CVE-2024-11286CRITICAL9.8PL ✓ten sam produkt

Authentication bypass w WP JobHunt – przejęcie konta administratora

CVE-2024-11283HIGH7.5ten sam produkt

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and includin...

CVE-2024-12810HIGH8.8ten sam produkt

The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access,...

CVE-2025-32927CRITICAL9.8PL ✓ten sam vendor

PHP Object Injection w pluginie WordPress FoodBakery (do wersji 3.3)