PT-2024-17348 · WordPress · Jobsearch Wp Job Board

Tonn · Published 2024-11-28 · Updated 2024-12-03 · CVE-2024-11925

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: JobSearch WP Job Board plugin for WordPress, versions up to 2.6.7

Description: The plugin does not properly verify a user's identity when it verifies an email address through the user account activation function. An unauthenticated attacker who knows a user's email address can therefore log in as that user, including site administrators.

Recommendations: For versions up to 2.6.7, update to a version later than 2.6.7, which resolves the issue. As a temporary workaround, consider disabling the user account activation function until the patch is applied, and restrict access to the email verification feature to reduce the window for exploitation.
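As an added illustration (not JobSearch WP Job Board code), the handlers below contrast the weak pattern the advisory describes, activation that trusts a submitted email address alone, with a version that binds activation to a single-use, per-user token. Function names, the `_jb_activation` meta key and the `jb_verified` flag are assumptions; the WordPress API calls are real.

```php
<?php
// Illustrative activation handlers; not the plugin's own code.
// Assumed names: jb_weak_activate, jb_safe_activate, jb_issue_activation_token,
// and the user-meta keys '_jb_activation' and 'jb_verified'.

// Weak pattern: identity comes from the request alone, so anyone who knows a
// registered email address ends up logged in as that user.
function jb_weak_activate() {
    $email = sanitize_email( $_GET['email'] ?? '' );
    $user  = get_user_by( 'email', $email );
    if ( ! $user ) {
        wp_die( 'Unknown account.' );
    }
    update_user_meta( $user->ID, 'jb_verified', 1 );
    wp_set_auth_cookie( $user->ID ); // nothing secret ties this request to the user
}

// Issue a random single-use token at registration; store only its hash.
function jb_issue_activation_token( int $user_id ): string {
    $token = wp_generate_password( 32, false ); // unguessable, CSPRNG-backed
    update_user_meta( $user_id, '_jb_activation', [
        'hash'    => wp_hash_password( $token ),
        'expires' => time() + DAY_IN_SECONDS,
    ] );
    return $token; // mailed to the address on file, never echoed to the page
}

// Hardened pattern: possession of the token, not knowledge of the email,
// proves control of the mailbox.
function jb_safe_activate() {
    $user_id = absint( $_GET['uid'] ?? 0 );
    $token   = (string) ( $_GET['token'] ?? '' );
    $meta    = get_user_meta( $user_id, '_jb_activation', true );
    if ( ! $user_id || '' === $token || ! is_array( $meta ) ) {
        wp_die( 'Invalid activation link.' );
    }
    if ( time() > $meta['expires'] || ! wp_check_password( $token, $meta['hash'] ) ) {
        wp_die( 'Invalid or expired activation link.' );
    }
    delete_user_meta( $user_id, '_jb_activation' ); // single use
    update_user_meta( $user_id, 'jb_verified', 1 );
    // Activation proves the mailbox; it does not have to create a session.
    // If it does, never hand a session to a privileged role this way.
    if ( ! user_can( $user_id, 'manage_options' ) ) {
        wp_set_auth_cookie( $user_id );
    }
}
```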

Weakness Enumeration

Authentication Bypass Using an Alternate Path or Channel

Related Identifiers

CVE-2024-11925

Affected Products

Jobsearch Wp Job Board