vulnerability

WordPress Plugin: wp-job-board: CVE-2024-12213: Incorrect Privilege Assignment

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Feb 11, 2025	Oct 21, 2025	Oct 21, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Feb 11, 2025

Added

Oct 21, 2025

Modified

Oct 21, 2025

Description

The WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to 2.3.16. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on vulnerable sites. Please note that this may have been patched sooner, however, the oldest available version for us to confirm this is patched in was 2.3.16.

Solution

wp-job-board-plugin-cve-2024-12213

References

URL-https://www.cve.org/CVERecord?id=CVE-2024-12213
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/7cdfce88-b6c2-4820-9d6f-446f61b9b596?source=api-prod
CVE-2024-12213
https://attackerkb.com/topics/CVE-2024-12213
CWE-266

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today