{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-11925","assignerOrgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","state":"PUBLISHED","assignerShortName":"Wordfence","dateReserved":"2024-11-27T18:26:49.008Z","datePublished":"2024-11-28T07:14:07.539Z","dateUpdated":"2026-04-08T16:33:15.499Z"},"containers":{"cna":{"providerMetadata":{"orgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","shortName":"Wordfence","dateUpdated":"2026-04-08T16:33:15.499Z"},"affected":[{"vendor":"eyecix","product":"JobSearch WP Job Board","versions":[{"version":"0","status":"affected","lessThanOrEqual":"2.6.7","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a user's identity when verifying an email address through the user_account_activation function. This makes it possible for unauthenticated attackers to log in as any user, including site administrators, if the user's email is known."}],"title":"WP JobSearch <= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation","references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/04bc8101-2676-4695-a498-f79be8221617?source=cve"},{"url":"https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856"}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-288 Authentication Bypass Using an Alternate Path or Channel","cweId":"CWE-288","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"credits":[{"lang":"en","type":"finder","value":"Tonn"}],"timeline":[{"time":"2024-11-27T19:13:40.000Z","lang":"en","value":"Disclosed"}]},"adp":[{"affected":[{"vendor":"eyecix","product":"jobsearch_wp_job_board","cpes":["cpe:2.3:a:eyecix:jobsearch_wp_job_board:-:*:*:*:*:wordpress:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"2.6.7","versionType":"semver"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-29T15:33:46.283379Z","id":"CVE-2024-11925","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-29T15:35:07.980Z"}}]}}