CVE-2024-11715

14 Dic 2024

Título es

CVE-2024-11715

Sáb, 14/12/2024 – 07:15

Tipo

CWE-862

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-11715

Descripción en

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to elevate their privileges to that of an employer.

14/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

4.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://gist.github.com/tvnnn/9b706643c5f88989c98815be8b101e11

https://plugins.trac.wordpress.org/changeset/3202327/wp-job-portal/tags/2.2.3/modules/user/controller.php?old=3187129&old_path=wp-job-portal/tags/2.2.2/modules/user/controller.php

https://www.wordfence.com/threat-intel/vulnerabilities/id/4107199d-e3c7-4379-b39d-1868de7d777b?source=cve

Enviar en el boletín