Critical severity9.8NVD Advisory· Published Mar 14, 2025· Updated Apr 8, 2026
CVE-2024-13771
CVE-2024-13771
Description
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change the password of arbitrary users, including administrators, if the attacker knows the username of the victim.
Affected products
3- Range: <=2.1.4
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.