- Description
- The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the sendEmailToJobSeeker() function in all versions up to, and including, 2.2.6. This makes it possible for unauthenticated attackers to send arbitrary emails with arbitrary content from the sites mail server.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
- security@wordfence.com
- CWE-862
- Hype score
- Not currently trending
CVE-2024-13371 Unauthorized Arbitrary Email Sending Vulnerability in WP Job Portal Plugin Up to Version 2.2.6 https://t.co/vUWiOCZRWn
@VulmonFeeds
1 Feb 2025
166 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-13371 The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to … https://t.co/P5jwiJfFhw
@CVEnew
1 Feb 2025
642 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpjobportal:wp_job_portal:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "2B60A620-1CDA-4081-830E-9CBCE75F10E3",
"versionEndExcluding": "2.2.7"
}
],
"operator": "OR"
}
]
}
]