NuytsTech Security

CVE-2024-13771

by ·

The Civi – Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change the password of arbitrary users, including administrators, if the attacker knows the username of the victim.

More information : http://localhost:1337/wp-content/themes/civi/includes/class-ajax.php#L715

Tags: