CVE-2024-11283

Description

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to access arbitrary candidate accounts.

CVSS v3.1 Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness Type (CWE)

CWE-289 CWE-289

Affected Products

Vendor	Product	Versions
chimpgroup	jobcareer	< 7.1

References

Other References

https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636 https://www.wordfence.com/threat-intel/vulnerabilities/id/cfa487fb-c014-47f1-9537-73881ede30b4?source=cve

Frequently Asked Questions

What is CVE-2024-11283? +

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to access arbitrary candidate accounts. It has a CVSS v3.1 base score of 7.5 (HIGH).

How severe is CVE-2024-11283? +

CVE-2024-11283 has a CVSS v3.1 score of 7.5 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2024-11283? +

CVE-2024-11283 affects products from chimpgroup, specifically: jobcareer. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-11283? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-13613 9.8

The Elated Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2. This …

CVE-2024-56511 9.8

DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in …

CVE-2025-29266 9.6

Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if …

CVE-2024-55634 8.1

A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, …

CVE-2025-64343 7.8

(conda) Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, …

CVE-2024-2098 7.5

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on …