← Back

CVE-2024-12213

nvd nist
Published: Feb 12, 2025Modified: Apr 8, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: security@wordfence.com (Secondary)

Description

The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to 2.3.16. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on vulnerable sites. Please note that this may have been patched sooner, however, the oldest available version for us to confirm this is patched in was 1.2.85.

Affected (1)

Products: Apusthemes: Superio
Apusthemes
1 product
Superio
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Superio
Up to 1.2.76

Related CWEs

CWE-266
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (2)

Source: security@wordfence.com
Product
Source: security@wordfence.com
Third Party Advisory

Timeline

No history available yet.