CVE Vulnerabilities

CVE-2024-12213

Incorrect Privilege Assignment

Published: Feb 12, 2025 | Modified: Feb 20, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.76. This is due to the plugin allowing a user to supply the role field when registering. This makes it possible for unauthenticated attackers to register as an administrator on vulnerable sites.

Weakness

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Superio Apusthemes * 1.2.76 (including)

Potential Mitigations

References