PT-2025-9156 · WordPress · The Nokri – Job Board Wordpress Theme

Lucio Sá

Published

2025-03-01

Updated

2025-03-06

CVE-2024-12824

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions The Nokri – Job Board WordPress Theme versions up to, and including, 1.6.2

Description The issue allows for privilege escalation via account takeover due to the plugin not properly checking for an empty token value prior to updating user details, such as the password. This enables unauthenticated attackers to change the password of arbitrary users, including administrators, and gain access to their accounts.

Recommendations For versions up to, and including, 1.6.2, update to a version that includes a fix for this issue to prevent privilege escalation via account takeover.

Fix

LPE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-620

Related Identifiers

CVE-2024-12824

Affected Products

The Nokri – Job Board Wordpress Theme

PT-2025-9156 · WordPress · The Nokri – Job Board Wordpress Theme

CVE-2024-12824

Weakness Enumeration

Related Identifiers

Affected Products

References · 11