CVE-2024-13698

Sažetak

The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'download_image_via_ai' and 'generate_image_via_ai' functions in all versions up to, and including, 4.2.7. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application to upload files in an image format, and to generate AI images using the site's OpenAI key.

Reference

https://themeforest.net/item/jobify-wordpress-job-board-theme/5247604
https://www.wordfence.com/threat-intel/vulnerabilities/id/393811e4-71dd-4359-80fa-5a3d146439bb?source=cve

CVSS

Base:	6.5
Impact:	2.5
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Zadnje važnije ažuriranje

07-02-2025 - 20:15

Objavljeno

24-01-2025 - 16:15