CVE-2024-11715

Published Dec 14, 2024

Last updated 21 days ago

CVSS medium 4.8

Overview

Description: The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to elevate their privileges to that of an employer.
Source: security@wordfence.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security@wordfence.com: CWE-862

Hype score: Not currently trending

CVE-2024-11715 Privilege Escalation Flaw in WP Job Portal WordPress Plugin The WP Job Portal – A Complete Recruitment System plugin for WordPress has a vulnerability. This problem is because there is no capabilit... https://t.co/mJm7ywyVJv
@VulmonFeeds
14 Dec 2024
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wpjobportal:wp_job_portal:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "990D05B3-6114-4654-9399-4A620CAED94A",
            "versionEndExcluding": "2.2.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References