Authentication Bypass by Alternate Name

CVE-2024-11283

High

7.5/10

Summary

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to access arbitrary candidate accounts.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-289 - Authentication Bypass by Alternate Name

The software performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.

References

Advisory Timeline

Published Mar 14, 2025

Authentication Bypass by Alternate Name

CVE-2024-11283

Summary

CWE-289 - Authentication Bypass by Alternate Name

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS