CVE-2024-13698

Name of the Vulnerable Software and Affected Versions Jobify - Job Board WordPress Theme for WordPress versions up to, and including, 4.2.7

Description The issue concerns unauthorized access and modification of data due to a missing capability check in the download image via ai and generate image via ai functions. This allows unauthenticated attackers to make web requests to arbitrary locations to upload files in image format and generate AI images using the site's OpenAI key.

Recommendations For versions up to, and including, 4.2.7, update to a version later than 4.2.7 to resolve the issue. As a temporary workaround, consider disabling the download image via ai and generate image via ai functions until a patch is available. Restrict access to the OpenAI key to minimize the risk of exploitation.