CVE-2024-7950
📋 TL;DR
This vulnerability in the WP Job Portal WordPress plugin allows unauthenticated attackers to execute arbitrary PHP code on the server through local file inclusion, modify any plugin settings, and create administrator accounts even when user registration is disabled. All WordPress sites using WP Job Portal version 2.1.6 or earlier are affected. The CVSS 9.8 score reflects the critical nature of this vulnerability.
💻 Affected Systems
- WP Job Portal – A Complete Recruitment System for Company or Job Board website
📦 What is this software?
Wp Job Portal by Wpjobportal
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise leading to data theft, ransomware deployment, website defacement, and creation of persistent backdoor administrator accounts.
Likely Case
Attackers create administrator accounts, upload web shells, and gain full control over the WordPress site and potentially the underlying server.
If Mitigated
Limited impact if proper web application firewalls and file integrity monitoring are in place, though the vulnerability still exists.
🎯 Exploit Status
The vulnerability is in publicly accessible plugin functions and requires minimal technical skill to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.7 or later
Vendor Advisory: https://wordpress.org/plugins/wp-job-portal/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find WP Job Portal and click 'Update Now'.
4. Alternatively, download version 2.1.7+ from WordPress.org and manually replace the plugin files.
🔧 Temporary Workarounds
Disable WP Job Portal Plugin
Platform: all
Temporarily deactivate the vulnerable plugin until patched
wp plugin deactivate wp-job-portal
Web Application Firewall Rule
Platform: all
Block requests to vulnerable plugin endpoints
# Add rule to block requests containing 'checkFormRequest' parameter
🧯 If You Can't Patch
- Immediately disable the WP Job Portal plugin
- Implement strict file upload restrictions and disable PHP execution in upload directories
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for WP Job Portal version 2.1.6 or earlier
Check Version:
wp plugin get wp-job-portal --field=version
Verify Fix Applied:
Verify WP Job Portal plugin version is 2.1.7 or higher in WordPress admin
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to wp-job-portal endpoints
- checkFormRequest parameter in access logs
- Unexpected administrator account creation
Network Indicators:
- HTTP requests containing 'checkFormRequest' parameter
- Unusual file uploads to wp-job-portal directories
SIEM Query:
source="web_access_logs" AND uri_path="*wp-job-portal*" AND (param="checkFormRequest" OR (status_code=200 AND (user_agent="*curl*" OR user_agent="*wget*")))
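The log and network indicators above, applied to access-log lines as an added example (not part of the advisory). It parses Combined Log Format lines and flags the same conditions the SIEM query expresses; the IPs, paths and user agents in the sample are constructed, and the script only sees query-string parameters, since a plain access log does not record POST bodies.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (hypothetical addresses and paths), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2024:12:00:01 +0000] "GET /wp-content/plugins/wp-job-portal/assets/app.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Aug/2024:12:00:02 +0000] "POST /jobs/apply/?checkFormRequest=1 HTTP/1.1" 200 87 "-" "curl/8.4.0"
198.51.100.7 - - [10/Aug/2024:12:00:03 +0000] "POST /wp-content/plugins/wp-job-portal/index.php HTTP/1.1" 200 30 "-" "Wget/1.21"
"""

def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    rec["params"] = parse_qs(url.query, keep_blank_values=True)
    return rec

def flag_event(rec):
    """Return the names of the advisory's indicators matched by one parsed record."""
    hits = []
    in_plugin = "wp-job-portal" in rec["path"]
    if "checkFormRequest" in rec["params"]:        # parameter in the query string
        hits.append("checkFormRequest-param")
    if in_plugin and rec["method"] == "POST":      # POST to a plugin endpoint
        hits.append("post-to-plugin")
    ua = rec["ua"].lower()
    if in_plugin and rec["status"] == "200" and ("curl" in ua or "wget" in ua):
        hits.append("cli-user-agent")              # successful CLI-tool request to plugin paths
    return hits

def scan(lines):
    """Return (ip, path, hits) for every line that matches at least one indicator."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        hits = flag_event(rec)
        if hits:
            findings.append((rec["ip"], rec["path"], hits))
    return findings

if __name__ == "__main__":
    for ip, path, hits in scan(SAMPLE_LOG.splitlines()):
        print(ip, path, ", ".join(hits))
```

Lines that match only the CLI user-agent rule are noisy on their own (legitimate monitoring uses curl), so treat "checkFormRequest-param" and "post-to-plugin" as the stronger signals and correlate with unexpected administrator creation.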
🔗 References
- https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/includes/formhandler.php
- https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/includes/includer.php
- https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/includes/wpjobportal-hooks.php
- https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/modules/configuration/controller.php
- https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/modules/user/controller.php
- https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/modules/user/tmpl/views/frontend/form-field.php
- https://plugins.trac.wordpress.org/changeset/3138675/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1d5275-3398-47a7-889b-4050ebe635ee?source=cve