CVE-2024-12131
📋 TL;DR
This vulnerability lets any authenticated WordPress user (Subscriber role or higher) submit a resume on behalf of another applicant through the WP Job Portal plugin's job-apply flow: the request handler does not verify that the applicant record it writes to belongs to the logged-in user. Every WordPress site running a plugin version earlier than 2.2.6 is affected.
💻 Affected Systems
- WP Job Portal – A Complete Recruitment System for Company or Job Board
📦 What is this software?
WP Job Portal by WPJobPortal: a WordPress plugin that adds a job board and recruitment system (job listings, applicant profiles and resume submission) to a site.
⚠️ Risk & Real-World Impact
Worst Case
Malicious users could submit fraudulent or malicious resumes under other applicants' names, potentially damaging reputations, causing legal issues, or interfering with legitimate hiring processes.
Likely Case
Attackers submit inappropriate resumes for other users, causing confusion and administrative overhead for site administrators who must clean up fraudulent applications.
If Mitigated
With proper access controls and monitoring, impact is limited to minor administrative cleanup and potential reputation damage to affected applicants.
🎯 Exploit Status
Exploitation requires an authenticated account but no elevated role: a Subscriber, the default role for self-registered users, is enough. Once logged in, the attack is a single job-apply request with the applicant identifier changed to another applicant's.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.2.6
Patched source (WordPress plugin Trac, 2.2.6 tag): https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.2.6/modules/jobapply/model.php?rev=3216415
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the WP Job Portal plugin.
4. Click 'Update Now' if an update is available.
5. If no update appears, manually download version 2.2.6 or later from the WordPress plugin repository and replace the plugin files.
🔧 Temporary Workarounds
Disable Job Application Feature
Temporarily disable the job application functionality until the plugin is patched; nothing can be submitted on behalf of anyone while the apply flow is off.
Restrict User Registration
Disable new user registrations (Settings → General → Membership, uncheck "Anyone can register") so attackers cannot create the Subscriber account the attack needs. This does nothing against accounts that already exist, so review existing users as well.
🧯 If You Can't Patch
- Enforce server-side, for every job application submission, that the applicant record named in the request belongs to the logged-in user (for example in a site-specific mu-plugin), instead of trusting the identifier the client sends
- Monitor application logs for one user submitting resumes against several different applicant records, and rate-limit the apply endpoint per account and per IP
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → WP Job Portal version number; any version below 2.2.6 is vulnerable.
Check Version:
wp plugin get wp-job-portal --field=version
Verify Fix Applied:
Verify the plugin version is 2.2.6 or higher in the WordPress admin panel or in the WP-CLI output. Compare versions numerically, not as strings: a plain string comparison puts 2.2.10 before 2.2.6.
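The version check as an added example (not code from the advisory or from the plugin). It reads the JSON that `wp plugin list --format=json` prints, picks out the wp-job-portal entry and compares the version numerically against 2.2.6, which avoids the string-comparison trap where "2.2.10" sorts before "2.2.6". The WP-CLI output below is a constructed sample.

```python
"""Decide whether the installed WP Job Portal version carries the 2.2.6 fix.

Added example. Input is the JSON printed by `wp plugin list --format=json`;
the sample below is constructed, not captured from a real site.
"""
import json

PLUGIN_SLUG = "wp-job-portal"
PATCHED_VERSION = (2, 2, 6)

# Constructed sample of `wp plugin list --format=json` output.
SAMPLE_WP_CLI_JSON = json.dumps([
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
    {"name": "wp-job-portal", "status": "active", "update": "none", "version": "2.2.10"},
])


def parse_version(version):
    """Turn '2.2.10' into (2, 2, 10); pads short versions, strips suffixes like '-beta'."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_patched(version):
    """True when the version is 2.2.6 or later (numeric comparison)."""
    return parse_version(version) >= PATCHED_VERSION


def installed_version(wp_cli_json, slug=PLUGIN_SLUG):
    """Return the version string for the given plugin slug, or None if not installed."""
    for plugin in json.loads(wp_cli_json):
        if plugin.get("name") == slug:
            return plugin.get("version")
    return None


def check(wp_cli_json):
    """Return (version, patched) for the WP Job Portal install described by the JSON."""
    version = installed_version(wp_cli_json)
    if version is None:
        return None, None  # plugin not installed: nothing to patch
    return version, is_patched(version)


if __name__ == "__main__":
    ver, ok = check(SAMPLE_WP_CLI_JSON)
    print(f"wp-job-portal {ver}: {'patched' if ok else 'VULNERABLE'}")
```

Run it with `wp plugin list --format=json | python3 check_wjp.py` after replacing the sample with `sys.stdin.read()`; an exit code could be wired to `ok` for use in a fleet-wide audit script.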
📡 Detection & Monitoring
Log Indicators:
- Multiple resume submissions from same user ID for different applicant IDs
- Unusual application patterns or timestamps
Network Indicators:
- POST requests to the plugin's job-apply endpoint in which the applicant identifier does not belong to the authenticated user sending the request
SIEM Query (illustrative; the field names `user_id` and `applicant_id` depend on how your site logs application submissions, and the original form `"user_id" != "applicant_id"` compared two string literals rather than two fields):
source="wordpress.log" "wp-job-portal" "jobapply" | where user_id != applicant_id
This only works if the applicant record is keyed by the WordPress user ID; otherwise join the event against the table that maps applicant records to their owning user and alert when the submitter is not the owner.
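The two log indicators above, as an added detection example that is not part of the advisory or the plugin. It assumes an application-level audit log in JSON-lines form where each job-apply event records the WordPress user who sent the request (`user_id`) and the applicant record the resume was filed under (`applicant_id`); the field names, the event name `jobapply.submit` and the applicant-to-owner mapping are assumptions, and the log lines are constructed. If the plugin keys applicants by WordPress user ID, the owner map is the identity and the first check reduces to `user_id != applicant_id`.

```python
"""Flag resume submissions filed on behalf of other applicants.

Added example. Assumed audit-log schema (JSON lines): ts, action, user_id,
applicant_id, job_id, ip. APPLICANT_OWNER stands in for the table that maps
applicant records to the WordPress user who owns them.
"""
import json
from collections import defaultdict

# Constructed: which WordPress user owns each applicant record.
APPLICANT_OWNER = {101: 5, 102: 6, 103: 7, 104: 8}

# Constructed sample audit log. User 9 files resumes under three applicant
# records it does not own; users 5 and 6 apply under their own records.
SAMPLE_LOG = """\
{"ts": "2024-12-01T10:00:00Z", "action": "jobapply.submit", "user_id": 5, "applicant_id": 101, "job_id": 42, "ip": "203.0.113.10"}
{"ts": "2024-12-01T10:05:00Z", "action": "jobapply.submit", "user_id": 9, "applicant_id": 102, "job_id": 42, "ip": "198.51.100.7"}
{"ts": "2024-12-01T10:05:30Z", "action": "jobapply.submit", "user_id": 9, "applicant_id": 103, "job_id": 42, "ip": "198.51.100.7"}
{"ts": "2024-12-01T10:06:00Z", "action": "jobapply.submit", "user_id": 9, "applicant_id": 104, "job_id": 43, "ip": "198.51.100.7"}
{"ts": "2024-12-01T10:07:00Z", "action": "login", "user_id": 6, "ip": "192.0.2.4"}
not json at all
{"ts": "2024-12-01T10:08:00Z", "action": "jobapply.submit", "user_id": 6, "applicant_id": 102, "job_id": 44, "ip": "192.0.2.4"}
"""


def parse_events(text, action="jobapply.submit"):
    """Parse JSON lines, keep only job-apply events, skip malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a broken line must not take the detection job down
        if event.get("action") == action and "applicant_id" in event:
            events.append(event)
    return events


def ownership_violations(events, owners):
    """Events whose submitting user is not the owner of the applicant record.

    Unknown applicant ids are reported too: a submission against a record the
    ownership table does not know about deserves a look.
    """
    return [ev for ev in events if owners.get(ev["applicant_id"]) != ev["user_id"]]


def fan_out_by_user(events, threshold=2):
    """Users who submitted resumes for at least `threshold` distinct applicant ids."""
    seen = defaultdict(set)
    for ev in events:
        seen[ev["user_id"]].add(ev["applicant_id"])
    return {user: sorted(ids) for user, ids in seen.items() if len(ids) >= threshold}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for ev in ownership_violations(evs, APPLICANT_OWNER):
        print(f"{ev['ts']} user {ev['user_id']} submitted for applicant {ev['applicant_id']} from {ev['ip']}")
    for user, ids in fan_out_by_user(evs).items():
        print(f"user {user} fanned out over applicants {ids}")
```

The fan-out check is the cheaper of the two and needs no ownership data, so it is the one to run first when the log pipeline cannot join against the plugin's tables; the ownership check is the precise one and is what the patch itself enforces at request time.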