CVE-2024-13772 – Civi Job Board & Freelance Marketplace WordPress Theme Plugin Authentication Bypass

March 14, 2025
1:16 pm

CVE ID : CVE-2024-13772

Published : March 14, 2025, 12:15 p.m. | 42 minutes ago

Description : The Civi – Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of randomization of a password created during Single Sign-On via Google or Facebook. This makes it possible for unauthenticated attackers to change the password of arbitrary Candidate-level users if the attacker knows the username assigned to the victim during account creation.

Severity: 5.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-13772 – Civi Job Board & Freelance Marketplace WordPress Theme Plugin Authentication Bypass

Elvescore.io

Recent Posts

CVE-2024-12810 – The JobCareer | Job Board Responsive WordPress Theme Unauthenticated Remote Code Execution and Data Manipulation

CVE-2024-13771 – Civi WordPress Theme Unauthenticated Password Change Bypass