The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change the password of arbitrary users, including administrators, if the attacker knows the username of the victim.
References
| Link | Resource |
|---|---|
| http://localhost:1337/wp-content/themes/civi/includes/class-ajax.php#L715 | Broken Link |
| https://www.wordfence.com/threat-intel/vulnerabilities/id/5ab2c74d-b83b-40ea-951c-83aeb76a7515?source=cve | Third Party Advisory |
Configurations
History
28 Mar 2025, 16:18
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:uxper:civi:*:*:*:*:*:wordpress:*:* | |
| First Time |
Uxper civi
Uxper |
27 Mar 2025, 01:27
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
| CPE | cpe:2.3:a:yxper:civi:*:*:*:*:*:wordpress:*:* | |
| CWE | CWE-306 | |
| References | () http://localhost:1337/wp-content/themes/civi/includes/class-ajax.php#L715 - Broken Link | |
| References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/5ab2c74d-b83b-40ea-951c-83aeb76a7515?source=cve - Third Party Advisory | |
| First Time |
Yxper civi
Yxper |
14 Mar 2025, 12:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-03-14 12:15
Updated : 2025-03-28 16:18
NVD link : CVE-2024-13771
Mitre link : CVE-2024-13771
JSON object : View
Products Affected
uxper
- civi