CVE-2024-13428

Name of the Vulnerable Software and Affected Versions WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress versions up to, and including, 2.2.6

Description The issue is related to an Insecure Direct Object Reference vulnerability. This vulnerability is due to the lack of validation on a user-controlled key in the deleteCompanyLogo() function. As a result, unauthenticated attackers can delete arbitrary company logos.

Recommendations For versions up to, and including, 2.2.6, update to a version higher than 2.2.6 to resolve the issue. As a temporary workaround, consider disabling the deleteCompanyLogo() function until a patch is available.