CVE-2024-11917 – Xing and Google Vulnerability: Authentication Bypass in JobSearch WP Job Board Plugin

April 25, 2025

CVE ID : CVE-2024-11917

Published : April 25, 2025, 12:15 p.m. | 3 hours, 28 minutes ago

Description : The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.8. This is due to improper configurations in the ‘jobsearch_xing_response_data_callback’, ‘set_access_tokes’, and ‘google_callback’ functions. This makes it possible for unauthenticated attackers to log in as the first connected Xing user, or any connected Xing user if the Xing id is known. It is also possible for unauthenticated attackers to log in as the first connected Google user if the user has logged in, without subsequently logging out, in thirty days. The vulnerability was partially patched in version 2.8.4.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2470 – Nextend Social Login WordPress Plugin Privilege Escalation Vulnerability

Next Article Ubuntu 24.04 Now Available for OrangePi’s New RISC-V SBC

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

This tiny Bluetooth speaker delivers loud, distortion-free sound – and it’s on sale

Are you playing The Elder Scrolls 4: Oblivion Remastered, and if so, what do you think? — Weekend discussion 💬

I’ve been trying to figure out why these AR glasses cost $700, but I’m frankly stumped

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Natural Language Q&A in Optimizely CMS Using Azure OpenAI and AI Search

Closing Deals Faster: The Future of Sales with AI & Personalization

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

Windows 11 24H2 colourful battery icons for taskbar are still coming, but no ETA, says Microsoft

Git Interactive Rebase Tool – terminal-based sequence editor for interactive rebase

CVE-2024-11917 – Xing and Google Vulnerability: Authentication Bypass in JobSearch WP Job Board Plugin

April 2025 Patch Tuesday: One Zero-Day and 11 Critical Vulnerabilities Among 121 CVEs

Microsoft “.library-ms” File / NTLM Information Disclosure (Resurrected 2025)

Explore new ways to accelerate your creative workflows

How publishers use Figma to help design the news

Voice Cloning, Fake Videos & More: AI Is Making Scams Unstoppable

I haven’t even decided which ending to Atomfall I want to do first, and someone is already speedrunning the game in under half an hour

Back in BlackEnergy *: 2014 Targeted Attacks in Ukraine and Poland

PINE: Efficient Norm-Bound Verification for Secret-Shared Vectors

Affordable Full Zip Hoodies Wholesale

To build a better AI helper, start by modeling the irrational behavior of humans

CVE-2024-11917 – Xing and Google Vulnerability: Authentication Bypass in JobSearch WP Job Board Plugin

Related Posts