CVE-2024-11286

Published: Mar 14, 2025Modified: Jul 8, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: security@wordfence.com (Secondary)

Description

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated attackers to to log in to any user's account, including administrators.

Affected (1)

Products: Chimpgroup: Jobcareer

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Chimpgroup Jobcareer	Up to 7.1

Related CWEs

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References (2)

https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636

Source: security@wordfence.com

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/91754c4d-a0d0-4d35-a70a-446d2bdf6c73?source=cve

Source: security@wordfence.com

Third Party Advisory

Timeline

No history available yet.