CVE-2024-13372
📋 TL;DR
This vulnerability allows unauthenticated attackers to download user resumes without authorization in the WP Job Portal WordPress plugin. It affects all WordPress sites using this plugin up to version 2.2.6. The issue stems from missing validation on user-controlled parameters in two functions.
💻 Affected Systems
- WP Job Portal – A Complete Recruitment System for Company or Job Board
📦 What is this software?
Wp Job Portal by Wpjobportal
⚠️ Risk & Real-World Impact
Worst Case
Mass exfiltration of all user resumes containing sensitive personal information (names, contact details, work history, education) leading to privacy violations and potential identity theft.
Likely Case
Unauthorized access to individual resumes containing personal identifiable information, violating privacy regulations and potentially enabling targeted phishing attacks.
If Mitigated
Limited exposure if resumes contain minimal sensitive data or if access controls prevent exploitation attempts.
🎯 Exploit Status
Exploitation requires no authentication and minimal technical skill due to direct object reference manipulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.2.7
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the WP Job Portal plugin.
4. Click 'Update Now' if an update is available.
5. If no update shows, manually download version 2.2.7 from the WordPress repository and replace the plugin files.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the vulnerable plugin until patched.
wp plugin deactivate wp-job-portal
Restrict Access via WAF
Block requests to the vulnerable endpoints using web application firewall rules.
🧯 If You Can't Patch
- Implement strict network access controls to limit plugin exposure to trusted IPs only.
- Monitor access logs for unusual resume download patterns and implement rate limiting.
🔍 How to Verify
Check if Vulnerable:
Check the WordPress admin panel → Plugins → Installed Plugins for the WP Job Portal version. If the version is 2.2.6 or lower, the site is vulnerable.
Check Version:
wp plugin get wp-job-portal --field=version
Verify Fix Applied:
After updating, verify that the plugin version shows 2.2.7 in the WordPress admin panel, then confirm that resume downloads are refused when requested as an unauthenticated user.
📡 Detection & Monitoring
Log Indicators:
- Unusual volume of GET requests to resume download endpoints from unauthenticated users
- 404 errors followed by successful resume downloads indicating ID enumeration
Network Indicators:
- HTTP requests to /wp-content/plugins/wp-job-portal/modules/resume/controller.php with resume ID parameters from unauthenticated sources
SIEM Query:
source="web_logs" AND (uri="/wp-content/plugins/wp-job-portal/modules/resume/controller.php" OR uri LIKE "%getresumefiledownloadbyid%" OR uri LIKE "%getallresumefiles%") AND user_agent NOT LIKE "%WordPress%" AND status_code=200
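As an added detection example (not code from the advisory or the plugin project), the following Python script applies the log indicators above to constructed Apache combined-format access-log lines: it isolates hits on the resume controller that name either vulnerable function, groups them by client IP, and flags the 404-then-200 pattern and high distinct-ID counts that suggest enumeration. The `task`/`id` query parameter names and the threshold of three IDs are assumptions, not values from the advisory.

```python
import re
from collections import defaultdict

# Endpoint and function names come from the advisory's network and SIEM indicators.
RESUME_ENDPOINT = "/wp-content/plugins/wp-job-portal/modules/resume/controller.php"
RESUME_FUNCS = ("getresumefiledownloadbyid", "getallresumefiles")
ENUM_THRESHOLD = 3  # distinct resume ids from one source before flagging (assumed tuning value)

# Apache/nginx combined-log layout: client ip, timestamp, request line, status, size, referer, UA.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def is_resume_request(uri):
    """True when the URI hits the resume controller with one of the two vulnerable functions."""
    lower = uri.lower()
    return RESUME_ENDPOINT in lower and any(f in lower for f in RESUME_FUNCS)

def analyse(log_text):
    """Group resume-controller hits by client IP and flag enumeration-style behaviour.

    Returns {ip: {"hits": n, "ids": set, "miss_then_hit": bool, "flagged": bool, ...}}.
    """
    per_ip = defaultdict(lambda: {"hits": 0, "ids": set(), "last_status": None,
                                  "miss_then_hit": False})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_resume_request(m["uri"]):
            continue
        rec = per_ip[m["ip"]]
        rec["hits"] += 1
        # "id=" is an assumed parameter name used by the constructed sample; adjust to the real one.
        id_match = re.search(r"[?&]id=(\d+)", m["uri"])
        if id_match:
            rec["ids"].add(id_match.group(1))
        if rec["last_status"] == "404" and m["status"] == "200":
            rec["miss_then_hit"] = True  # a failed probe followed by a hit: the ID-walking signature
        rec["last_status"] = m["status"]
    for rec in per_ip.values():
        rec["flagged"] = rec["miss_then_hit"] or len(rec["ids"]) >= ENUM_THRESHOLD
    return dict(per_ip)

# Constructed sample traffic (RFC 5737 test addresses), not real log data.
SAMPLE_LOG = "\n".join([
    '203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET ' + RESUME_ENDPOINT + '?task=getresumefiledownloadbyid&id=11 HTTP/1.1" 404 212 "-" "curl/8.4.0"',
    '203.0.113.5 - - [10/Jan/2025:10:00:02 +0000] "GET ' + RESUME_ENDPOINT + '?task=getresumefiledownloadbyid&id=12 HTTP/1.1" 200 48211 "-" "curl/8.4.0"',
    '203.0.113.5 - - [10/Jan/2025:10:00:03 +0000] "GET ' + RESUME_ENDPOINT + '?task=getresumefiledownloadbyid&id=13 HTTP/1.1" 200 51002 "-" "curl/8.4.0"',
    '198.51.100.7 - - [10/Jan/2025:10:05:00 +0000] "GET /wp-admin/admin.php?page=wpjobportal HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
])

if __name__ == "__main__":
    for ip, rec in analyse(SAMPLE_LOG).items():
        print(ip, "FLAGGED" if rec["flagged"] else "ok", rec["hits"], sorted(rec["ids"]))
```

Feed it a real access log with `analyse(open(path).read())` and review any flagged IP against the WAF or rate-limiting controls above.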