CVE-2024-11286 | THREATINT

Description

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated attackers to to log in to any user's account, including administrators.

PUBLISHED Reserved 2024-11-15 | Published 2025-03-14 | Updated 2025-03-14 | Assigner Wordfence

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-288 Authentication Bypass Using an Alternate Path or Channel

Timeline

2025-03-13:

Disclosed

Credits

Tonn finder

References

www.wordfence.com/...-a0d0-4d35-a70a-446d2bdf6c73?source=cve

themeforest.net/...board-responsive-wordpress-theme/14221636

cve.org (CVE-2024-11286)

nvd.nist.gov (CVE-2024-11286)

Download JSON