Themes Vulnerabilities

Jobify - Job Board WordPress Theme <= 4.2.3 - Unauthenticated Arbitrary File Read

Description

The jobify theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to read arbitrary files on the affected site's server which may contain sensitive information including DB credentials.

Affects Themes

jobify
No known fix

References

CVE
CVE-2024-52481
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/78af7acb-bcaf-4ad9-807e-4a95a522f8c5

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
8.2 (high)

Miscellaneous

Original Researcher
Ananda Dhakal
Verified
No
WPVDB ID
2d3edc58-aca5-45a3-b98d-3379a5a736a2

Timeline

Publicly Published
2024-11-18 (about 1 year ago)
Added
2024-11-26 (about 1 year ago)
Last Updated
2024-11-26 (about 1 year ago)

Other

Published
Title
Published
2024-02-02
Title
Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion
Published
2025-04-07
Title
Hive Support < 1.2.6 - Missing Authorization
Published
2025-02-03
Title
OnePress <= 2.3.11 - Missing Authorization
Published
2025-01-24
Title
WP Duplicate – WordPress Migration Plugin < 1.1.7 - Missing Authorization
Published
2024-04-22
Title
Integrate Google Drive < 1.3.91 - Missing Authorization