CVE-2024-13371

1 Feb 2025

Título es

CVE-2024-13371

Sáb, 01/02/2025 – 08:15

Tipo

CWE-862

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-13371

Descripción en

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the sendEmailToJobSeeker() function in all versions up to, and including, 2.2.6. This makes it possible for unauthenticated attackers to send arbitrary emails with arbitrary content from the sites mail server.

01/02/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://gist.github.com/g1-nhantv/31b04bc057046ecc54c3552387eb7bca

https://plugins.trac.wordpress.org/changeset/3229608/wp-job-portal/tags/2.2.7/modules/jobapply/model.php?old=3216415&old_path=wp-job-portal/tags/2.2.6/modules/jobapply/model.php

https://www.wordfence.com/threat-intel/vulnerabilities/id/a84a4c56-a44e-450d-91fc-024f8ddeedee?source=cve

Enviar en el boletín