Critical severity9.8NVD Advisory· Published Nov 28, 2024· Updated Apr 15, 2026

CVE-2024-11925

Description

The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the user_account_activation function. This makes it possible for unauthenticated attackers to log in as any user, including site administrators if the users email is known.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856nvd
www.wordfence.com/threat-intel/vulnerabilities/id/04bc8101-2676-4695-a498-f79be8221617nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000