CVE-2024-11283 | THREATINT

Description

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to access arbitrary candidate accounts.

PUBLISHED Reserved 2024-11-15 | Published 2025-03-14 | Updated 2025-03-14 | Assigner Wordfence

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-289 Authentication Bypass by Alternate Name

Timeline

2025-03-13:

Disclosed

Credits

Tonn finder

References

www.wordfence.com/...-c014-47f1-9537-73881ede30b4?source=cve

themeforest.net/...board-responsive-wordpress-theme/14221636

cve.org (CVE-2024-11283)

nvd.nist.gov (CVE-2024-11283)

Download JSON