CVE-2024-13873 – This vulnerability allows authenticated WordPre... (How to Fix)

Q: What is the severity of CVE-2024-13873?

CVE-2024-13873 has a CVSS score of 4.3 (MEDIUM). This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to delete profile photos from other user accounts. It affects all versions of the WP Job Portal plugin up to 2.2.8. Attackers can exploit this by manipulating user IDs in requests to the deleteUserPhoto() function.

📋 TL;DR

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to delete profile photos from other user accounts. It affects all versions of the WP Job Portal plugin up to 2.2.8. Attackers can exploit this by manipulating user IDs in requests to the deleteUserPhoto() function.

💻 Affected Systems

Products:

WP Job Portal – A Complete Recruitment System for Company or Job Board

Versions: All versions up to and including 2.2.8

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with WP Job Portal plugin enabled. Attackers need at least Subscriber-level authenticated access.

📦 What is this software?

Wp Job Portal by Wpjobportal

View all CVEs affecting Wp Job Portal →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Mass deletion of user profile photos across the entire WordPress site, potentially disrupting user experience and causing confusion.

🟠

Likely Case

Targeted deletion of profile photos from specific user accounts, causing minor disruption and requiring manual restoration.

🟢

If Mitigated

No impact if proper authorization checks are implemented or plugin is updated.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is technically simple - involves manipulating user ID parameters in HTTP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.2.9

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3242653/wp-job-portal/tags/2.2.9/includes/classes/uploads.php?old=3238353&old_path=wp-job-portal%2Ftags%2F2.2.8%2Fincludes%2Fclasses%2Fuploads.php

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find WP Job Portal plugin. 4. Click 'Update Now' if update is available. 5. Alternatively, download version 2.2.9+ from WordPress repository and manually update.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

all

Disable the WP Job Portal plugin until patched

wp plugin deactivate wp-job-portal

Access Restriction

all

Restrict plugin access to trusted users only using WordPress roles

🧯 If You Can't Patch

Implement web application firewall rules to block suspicious deleteUserPhoto requests
Monitor and audit user photo deletion activities in WordPress logs

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → WP Job Portal version. If version is 2.2.8 or lower, system is vulnerable.

Check Version:

wp plugin get wp-job-portal --field=version

Verify Fix Applied:

Verify plugin version is 2.2.9 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

Multiple DELETE requests to uploads.php with different user ID parameters
Unusual pattern of profile photo deletions from non-admin users

Network Indicators:

HTTP POST/DELETE requests to wp-job-portal endpoints with manipulated user_id parameters

SIEM Query:

source="wordpress.log" AND "deleteUserPhoto" AND user_role="subscriber"

📊 Metadata

CVE ID: CVE-2024-13873

CVSS v3 Score: 4.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE: CWE-639

EPSS Score: 0.05% exploit probability (14th percentile)

Published: February 22, 2025

Last Updated: March 11, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-13873, you might also want to check these: