JobCareer WordPress Theme Missing Authorization Vulnerability Allowing Unauthorized Administrative Actions
Vulnerability
A vulnerability exists in the JobCareer | Job Board Responsive WordPress Theme, affecting all versions through 7.1. The issue stems from inadequate capability checks on several functions, allowing authenticated users with Subscriber-level access and higher to perform unauthorized actions. These actions include deleting arbitrary files, generating and restoring backups, updating theme options, and resetting theme options to their default settings. This vulnerability could lead to unauthorized access, modification, and loss of data.
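The missing check described above, as an added example that is not the theme's own code: a hypothetical WordPress AJAX handler that deletes a backup file, first without authorization and then hardened. The advisory does not name the affected functions or say they are AJAX handlers, so the `example_` hook and function names, the nonce action and the backup directory are all assumptions.

```php
<?php
/**
 * Added illustration, not JobCareer code. Every name prefixed "example_" is
 * hypothetical; the advisory does not name the affected functions.
 */

// BEFORE: wp_ajax_{action} fires for ANY logged-in user, Subscribers included.
// With no capability check, being authenticated is the only requirement.
add_action( 'wp_ajax_example_delete_backup_unchecked', 'example_delete_backup_unchecked' );
function example_delete_backup_unchecked() {
    $file = isset( $_POST['file'] ) ? wp_unslash( $_POST['file'] ) : '';
    wp_delete_file( $file ); // caller-controlled path, no authorization
    wp_send_json_success();
}

// AFTER: require an administrator capability, a nonce, and a confined path.
add_action( 'wp_ajax_example_delete_backup', 'example_delete_backup' );
function example_delete_backup() {
    // 1. Authorization: only roles holding manage_options (administrators by default).
    //    wp_send_json_error() terminates the request, so nothing below runs.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 2. Request intent: the nonce check guards against CSRF and dies on failure.
    check_ajax_referer( 'example_backup_action', 'nonce' );

    // 3. Input confinement: accept a bare file name inside one directory only.
    $uploads    = wp_upload_dir();
    $backup_dir = trailingslashit( $uploads['basedir'] ) . 'example-backups';
    $name       = isset( $_POST['file'] ) ? sanitize_file_name( wp_unslash( $_POST['file'] ) ) : '';
    $base       = realpath( $backup_dir );
    $path       = realpath( $backup_dir . '/' . $name );
    if ( '' === $name || false === $base || false === $path
        || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR ) ) {
        wp_send_json_error( array( 'message' => 'Invalid file' ), 400 );
    }

    wp_delete_file( $path );
    wp_send_json_success();
}
```

The same capability and nonce checks apply to the other operations the advisory lists: generating and restoring backups, and updating or resetting theme options.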
Impact
Exploitation of this vulnerability could give low-privileged authenticated users access to administrative functions, allowing them to manipulate theme options, manage backups, and delete files, potentially leading to data loss or disruption of site functionality.
Remediation
No known patch is available. Users are advised to review the vulnerability details and consider uninstalling the affected theme.
