CVE-2024-11286
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Mar 14, 2025
CWE ID 288
Summary
CVE-2024-11286 is a critical vulnerability affecting the WP JobHunt plugin for WordPress. The issue lies in the plugin's failure to adequately verify user identities before authentication, allowing unauthenticated attackers to bypass authentication and gain access to any user's account, including administrator accounts, through the cs_parse_request() function. This vulnerability poses a significant security risk and urgent action is required for all WP JobHunt users to update to the latest version or implement alternative security measures.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.