- Published on
-
Dec 14, 2024
- Research Description
-
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to elevate their privileges to that of an employer.
- Affected versions
-
Min -, max 2.2.3.
| Previous vulnerability researches |
|
WP Job Portal – A Complete Job Board
(CVE-2024-11711)
, Dec 15, 2024
|
|
WP Job Portal – A Complete Job Board
(CVE-2024-35759)
, Jun 22, 2024
|
|
WP Job Portal – A Complete Job Board
(CVE-2024-35760)
, Jun 22, 2024
|
|
WP Job Portal – A Complete Job Board
(CVE-2024-11714)
, Dec 15, 2024
|
|
WP Job Portal – A Complete Job Board
(CVE-2024-11710)
, Dec 15, 2024
|
| New vulnerability |
|
SKT Page Builder
(CVE-2024-12848)
, Jan 10, 2025
|
|
Deliver via Shipos for WooCommerce
(CVE-2024-12222)
, Jan 10, 2025
|
|
SEMA API
(CVE-2024-12285)
, Jan 10, 2025
|
|
Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination
(CVE-2024-11642)
, Jan 10, 2025
|
|
Yumpu ePaper publishing
(CVE-2024-12621)
, Jan 10, 2025
|