CVE-2024-11285 in WP JobHunt Plugin

Summary

by MITRE • 03/14/2025

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the account_settings_callback() function. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including administrators', and leverage that to reset the user's password and gain access to their account.


Analysis

by VulDB Data Team • 07/08/2025

The WP JobHunt plugin for WordPress presents a critical privilege escalation vulnerability that enables unauthenticated attackers to take over user accounts through improper authentication validation mechanisms. This vulnerability affects all plugin versions up to and including 7.1 and stems from insufficient user identity verification within the account_settings_callback() function. The flaw creates a pathway for attackers to manipulate user account details without proper authorization, fundamentally compromising the plugin's security model and user authentication framework.

The technical implementation of this vulnerability resides in the account_settings_callback() function which fails to validate user credentials before processing email address modifications. This validation gap allows attackers to submit malicious requests that update user email addresses without proper authentication. The vulnerability specifically targets the email update functionality, enabling attackers to change any user's email address including high-privilege administrator accounts. The absence of proper session validation or authentication checks creates an exploitable condition that violates fundamental security principles of access control and user identity verification.

The operational impact of this vulnerability extends beyond simple account takeover to enable full privilege escalation within the WordPress environment. Once an attacker successfully changes a user's email address, they can leverage the standard WordPress password reset functionality to gain complete control over the compromised account. This creates a cascading security risk where attackers can potentially escalate their privileges from regular users to administrators, especially if they can identify and target administrator accounts. The vulnerability essentially undermines the core authentication mechanisms of WordPress and the WP JobHunt plugin, making it a critical threat to website security and user data integrity.

Security professionals should note that this vulnerability aligns with CWE-287, which addresses improper authentication issues, and relates to ATT&CK technique T1078 for valid accounts and T1531 for account access removal. The flaw represents a classic case of insufficient access control validation that allows attackers to bypass normal authentication procedures. Organizations using the WP JobHunt plugin should immediately implement mitigations: update the plugin to a version that addresses this vulnerability, add security measures such as two-factor authentication, and monitor user accounts for unauthorized email address changes. The vulnerability also highlights the importance of proper input validation and authentication checks in web applications, particularly in user management functions where privilege escalation risks are elevated.
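The checks described above as missing, shown as an added example of a hardened email-update handler; it is not code from WP JobHunt or its patch. It assumes the handler is registered as a WordPress AJAX action, and the function, action and field names (example_account_settings_callback, example_account_settings, nonce, user_email) are hypothetical.

```php
<?php
// Added illustration. Function, action and field names are hypothetical and
// are not taken from the WP JobHunt code base.

// Register for logged-in users only. With no wp_ajax_nopriv_ hook, WordPress
// never dispatches anonymous requests to this handler.
add_action( 'wp_ajax_example_account_settings', 'example_account_settings_callback' );

function example_account_settings_callback() {
    // 1. CSRF: the nonce must have been issued for this action and session.
    check_ajax_referer( 'example_account_settings', 'nonce' );

    // 2. Authentication: defence in depth in case the hook is ever exposed.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( array( 'message' => 'Authentication required.' ), 401 );
    }

    // 3. Identity: the account being edited is the session's own account.
    //    No user identifier supplied in the request is trusted.
    $user_id = get_current_user_id();

    // 4. Authorization on the specific object being modified.
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }

    // 5. Input validation: well-formed address, not owned by another account.
    $email = isset( $_POST['user_email'] )
        ? sanitize_email( wp_unslash( $_POST['user_email'] ) )
        : '';
    if ( ! is_email( $email ) ) {
        wp_send_json_error( array( 'message' => 'Invalid email address.' ), 400 );
    }
    $owner = email_exists( $email );
    if ( $owner && (int) $owner !== $user_id ) {
        wp_send_json_error( array( 'message' => 'Email already in use.' ), 409 );
    }

    $result = wp_update_user( array( 'ID' => $user_id, 'user_email' => $email ) );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => 'Update failed.' ), 500 );
    }

    // 6. Audit trail to support monitoring of email address changes.
    error_log( sprintf( 'account email changed: user_id=%d ip=%s',
        $user_id, $_SERVER['REMOTE_ADDR'] ?? 'unknown' ) );
    wp_send_json_success();
}
```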

Responsible: Wordfence

Reservation: 11/15/2024

Disclosure: 03/14/2025

Moderation: accepted

CPE: ready

EPSS: 0.00225

KEV: no

Activities: very low
