First published: Fri Mar 14 2025(Updated: )
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change the password of arbitrary users, including administrators, if the attacker knows the username of the victim.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
Civi Job Board & Freelance Marketplace WordPress Theme | <=2.1.4 | |
CiviWordpress | <=2.1.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-13771 has been assessed to have a high severity due to the potential for unauthorized access through authentication bypass.
To fix CVE-2024-13771, update the Civi Job Board & Freelance Marketplace WordPress Theme plugin to version 2.1.5 or newer.
Any users of the Civi Job Board & Freelance Marketplace WordPress Theme plugin version 2.1.4 or earlier are affected by CVE-2024-13771.
CVE-2024-13771 allows unauthenticated attackers to bypass user authentication and potentially change user passwords.
CVE-2024-13771 was published on April 10, 2024.