The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.76. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on vulnerable sites.
History

Thu, 20 Feb 2025 16:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apusthemes; Apusthemes superio
CPEs | | cpe:2.3:a:apusthemes:superio:*:*:*:*:*:wordpress:*:*
Vendors & Products | | Apusthemes; Apusthemes superio

Wed, 12 Feb 2025 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 12 Feb 2025 09:30:00 +0000

Type | Values Removed | Values Added
Description | | The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.76. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on vulnerable sites.
Title | | WP Job Board Pro <= 1.2.76 - Unauthenticated Privilege Escalation via process_register
Weaknesses | | CWE-266
References | |
Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2025-02-12T16:08:13.748Z

Reserved: 2024-12-04T21:16:33.871Z

Link: CVE-2024-12213

Vulnrichment

Updated: 2025-02-12T14:58:27.798Z

NVD

Status: Analyzed

Published: 2025-02-12T10:15:08.737

Modified: 2025-02-20T16:08:26.203

Link: CVE-2024-12213

Redhat

No data.