WP JobHunt Privilege Escalation Vulnerability via Email Update in WordPress

Vulnerability

A privilege escalation vulnerability allowing account takeover has been identified in the WP JobHunt plugin for WordPress, affecting all versions through 7.1. The issue arises because the plugin fails to properly validate a user's identity before allowing changes to account details, such as email addresses, through the account_settings_callback() function. This vulnerability enables unauthenticated attackers to modify email addresses of any user, including administrators. Once an email address is changed, the attacker can reset the user's password and gain access to their account.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation and account takeover, enabling attackers to gain access to user accounts with potentially elevated privileges, such as administrator rights.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

5.0

exploitability

7.6

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

5.0

exploitability

7.6

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WP JobHunt Privilege Escalation Vulnerability via Email Update in WordPress

Vulnerability

Impact

Affected Products

WP JobHunt

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating