- Description
- The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'download_image_via_ai' and 'generate_image_via_ai' functions in all versions up to, and including, 4.2.7. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application to upload files in an image format, and to generate AI images using the site's OpenAI key.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
- security@wordfence.com
- CWE-862
- Hype score
- Not currently trending
CVE-2024-13698 Unauthorized Data Modification in Jobify WordPress Theme Up to 4.2.7 https://t.co/bI9tOJdn5G
@VulmonFeeds
24 Jan 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-13698 The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'download_… https://t.co/5LUJXiYPOE
@CVEnew
24 Jan 2025
216 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:astoundify:jobify:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "A6DF3EF4-D48B-4F05-9C70-377BEF125F81",
"versionEndIncluding": "4.2.7"
}
],
"operator": "OR"
}
]
}
]