Vulnerability Details
Basic Information
| Title | CVE-2024-11917 JobSearch WP Job Board <= 2.8.8 - Authentication Bypass via Social Logins |
|---|---|
| Type | vulnrichment |
| Published | 2025-04-25T11:12:52 |
| Last Seen | 2025-04-25T14:26:57 |
| CVSS Score | 8.1 (HIGH) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | HIGH |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2024-11917 |
|---|---|
| CWE | CWE-287 |
| Bulletin Family | cve |
Description
The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.8. This is due to improper configurations in the ‘jobsearch_xing_response_data_callback’, ‘set_access_tokes’, and ‘google_callback’ functions. This makes it possible for unauthenticated attackers to log in as the first connected Xing user, or as any connected Xing user whose Xing id is known. It is also possible for unauthenticated attackers to log in as the first connected Google user, provided that user has logged in within the past thirty days without subsequently logging out. The vulnerability was partially patched in version 2.8.4; versions up to and including 2.8.8 remain affected.
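The description reports the effect of the flaw (CWE-287) but not the plugin's code. The following is an added illustration, not the plugin's own code: a constructed model of the pattern the description implies, in which a social-login callback logs in whichever account a request-supplied identifier or a stored, still-valid provider token points at, next to a hardened callback that derives identity only from a server-side code exchange with the provider. All names (`User`, `USERS`, `FakeProvider`, `social_callback_hardened`), the sample accounts, the secret and the fixed clock `NOW` are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable, Optional
import secrets

# Fixed "current time" so the example is deterministic (constructed value).
NOW = 1_700_000_000.0
DAY = 86_400.0


@dataclass
class User:
    """Minimal stand-in for a WordPress user plus the user_meta a social-login plugin stores."""
    user_id: int
    login: str
    xing_id: Optional[str] = None
    google_sub: Optional[str] = None
    google_token_expires: float = 0.0   # expiry (epoch seconds) of the stored Google access token


# Constructed sample accounts; the first account linked to each provider is an administrator.
USERS = [
    User(1, "admin", xing_id="xing-1001", google_sub="g-500", google_token_expires=NOW + 20 * DAY),
    User(2, "editor", xing_id="xing-1002"),
    User(3, "subscriber", google_sub="g-501", google_token_expires=NOW - 5 * DAY),
]


def first_user_with(pred: Callable[[User], bool]) -> Optional[User]:
    return next((u for u in USERS if pred(u)), None)


# ---- vulnerable pattern (hypothetical model of the behaviour the description reports) ----

def xing_callback_vulnerable(params: dict) -> Optional[User]:
    """Logs in whichever account the request points at, or the first Xing-linked account.

    Nothing here proves the caller controls the Xing account: the identifier is taken
    straight from the request, and the fallback picks the first linked user when none is given.
    """
    xing_id = params.get("xing_id")
    if xing_id:
        return first_user_with(lambda u: u.xing_id == xing_id)
    return first_user_with(lambda u: u.xing_id is not None)


def google_callback_vulnerable(now: float) -> Optional[User]:
    """Treats any stored, still-valid Google token as proof that the *caller* is that user."""
    return first_user_with(lambda u: u.google_sub is not None and u.google_token_expires > now)


# ---- hardened pattern ----

class FakeProvider:
    """Constructed stand-in for the provider's token endpoint; not Xing's or Google's API."""

    def __init__(self, client_secret: str) -> None:
        self._client_secret = client_secret
        self._codes: dict = {}          # one-time authorization code -> provider subject

    def issue_code(self, subject: str) -> str:
        code = secrets.token_urlsafe(16)
        self._codes[code] = subject
        return code

    def exchange(self, code: str, client_secret: str) -> Optional[str]:
        """Server-side code exchange: returns the subject only for a valid, unused code."""
        if not secrets.compare_digest(client_secret, self._client_secret):
            return None
        return self._codes.pop(code, None)


def social_callback_hardened(params: dict, session: dict, provider: FakeProvider,
                             client_secret: str,
                             lookup: Callable[[str], Optional[User]]) -> Optional[User]:
    """Identity comes only from the provider's answer to a server-side code exchange."""
    # 1. Bind the callback to the session that started the flow (single-use state value).
    state, expected = params.get("state"), session.pop("oauth_state", None)
    if not state or not expected or not secrets.compare_digest(state, expected):
        return None
    # 2. Never trust identifiers in the request; ask the provider who the code belongs to.
    subject = provider.exchange(params.get("code", ""), client_secret)
    if subject is None:
        return None
    # 3. Look up exactly the account linked to that subject; no fallback to "first linked user".
    return lookup(subject)


def lookup_by_google_sub(sub: str) -> Optional[User]:
    return first_user_with(lambda u: u.google_sub == sub)
```

In the model, `xing_callback_vulnerable({})` returns the first Xing-linked account and `google_callback_vulnerable(NOW)` returns the first account whose stored token has not expired, which is the class of outcome the description reports. The hardened callback rejects a request that carries only an identifier, a wrong or missing `state`, or a replayed code, because the only path to a `User` runs through the provider's confirmation of the subject.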
Impact Assessment
| Base Score | 8.1 |
|---|---|
| Severity | HIGH |