CVE-2024-13873

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 22, 2025

Updated: Mar 11, 2025

CWE ID 639

Summary

CVE-2024-13873 is a vulnerability affecting the WP Job Portal plugin for WordPress. This issue, present in versions 2.2.8 and below, permits authenticated attackers, with Subscriber access or higher, to execute an Insecure Direct Object Reference attack through the deleteUserPhoto() function. The flaw arises due to a lack of validation on a user-controlled key, allowing the attacker to delete profile photos from other users' accounts. It's important to note that this vulnerability does not result in a complete file deletion.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3V0m5O
https://www.cve.org/CVERecord?id=CVE-2024-13873
https://nvd.nist.gov/vuln/detail/CVE-2024-13873

Back to Vulnerability Database

CVE-2024-13873

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations