Vulnerabilities > CVE-2024-12810 - Missing Authorization vulnerability in Chimpgroup Jobcareer

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

chimpgroup

CWE-862

NVD

Published: 2025-03-14

Updated: 2025-03-27

Summary

The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, generate backups, restore backups, update theme options, and reset theme options to default settings.

Vulnerable Configurations

Part	Description	Count
Application	Chimpgroup Chimpgroup Jobcareer *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
https://www.wordfence.com/threat-intel/vulnerabilities/id/24889552-0db6-44e6-9b12-f31b5e92a42e?source=cve