CVE-2024-11917 – Xing and Google Vulnerability: Authentication Bypass in JobSearch WP Job Board Plugin

April 25, 2025

CVE ID : CVE-2024-11917

Published : April 25, 2025, 12:15 p.m. | 3 hours, 28 minutes ago

Description : The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.8. This is due to improper configurations in the ‘jobsearch_xing_response_data_callback’, ‘set_access_tokes’, and ‘google_callback’ functions. This makes it possible for unauthenticated attackers to log in as the first connected Xing user, or any connected Xing user if the Xing id is known. It is also possible for unauthenticated attackers to log in as the first connected Google user if the user has logged in, without subsequently logging out, in thirty days. The vulnerability was partially patched in version 2.8.4.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2470 – Nextend Social Login WordPress Plugin Privilege Escalation Vulnerability

Next Article Ubuntu 24.04 Now Available for OrangePi’s New RISC-V SBC

How To Prevent WordPress SQL Injection Attacks

Credit Card Sins

Azul significantly cuts down on false positives in Java vulnerability detection with latest update to Azul Intelligence Cloud

The state of strategic portfolio management

Xbox Games Showcase reveals Indiana Jones and the Great Circle to get new DLC this fall

Tony Hawk’s Pro Skater 3 + 4 demo now is available now if you preorder — Michelangelo is coming too

“The full Call of Duty package”: Black Ops 7 has been confirmed during the Xbox Games Showcase, and no, it is not an expansion

Final Fantasy VII Remake and Final Fantasy XVI are FINALLY launching for Xbox consoles — One of which is available right now!

Neobrutalism CSS Button Generator

Neobrutalism CSS Button Generator

How to Become a Node.js Backend Developer

Professor Rita McGrath on Leading in Times of Uncertainty

Microsoft mocks macOS 26 Liquid Design with Windows Aero throwback (Windows Vista)

Microsoft mocks macOS 26 Liquid Design with Windows Aero throwback (Windows Vista)

Hindsite is a fast, lightweight static website generator

Orange Pi 5 Ultra and Max Single Board Computers Running Linux: Introduction

CVE-2024-11917 – Xing and Google Vulnerability: Authentication Bypass in JobSearch WP Job Board Plugin

SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords

Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

Hollow Knight: Silksong fever grows again as we approach Summer Game Fest — will it finally get a release date?

VeBrain: A Unified Multimodal AI Framework for Visual Reasoning and Real-World Robotic Control

RoboCat: A self-improving robotic agent

Ubuntu Unity vs. GNOME: Choosing the Right Ubuntu Experience for Your Workflow

CVE-2025-39380 – Mojoomla Hospital Management System File Upload Vulnerability

Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal

Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers

CVE-2025-48187 – RAGFlow Authentication Bypass

CVE-2024-11917 – Xing and Google Vulnerability: Authentication Bypass in JobSearch WP Job Board Plugin

Related Posts