Platform: wordpress
Component: jobmonster
Fixed in: 4.7.1
CVE-2024-37928 describes an Arbitrary File Access vulnerability within the Jobmonster WordPress plugin. This flaw allows attackers to manipulate files on the server, potentially leading to unauthorized access and data compromise. The vulnerability impacts Jobmonster versions up to 4.7.0, and a patch is available in version 4.7.1.
The Arbitrary File Access vulnerability in Jobmonster allows an attacker to read or write files outside of the intended directory. This can be exploited to read sensitive configuration files, database credentials, or even upload malicious code. Successful exploitation could lead to complete server compromise, data theft, and denial of service. The ability to write arbitrary files significantly expands the attack surface, potentially enabling remote code execution if the attacker can upload a web shell or modify existing PHP files.
CVE-2024-37928 was published on 2024-07-12. Currently, there are no publicly available proof-of-concept exploits. The vulnerability is not listed on the CISA KEV catalog as of this writing. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
WordPress websites utilizing the Jobmonster plugin, particularly those running versions prior to 4.7.1, are at risk. Shared hosting environments where users have limited control over plugin configurations are especially vulnerable, as are websites with legacy configurations that haven't been regularly updated.
• wordpress / composer / npm:
grep -rF "../" /var/www/html/wp-content/plugins/jobmonster/*
• generic web:
curl -I "http://your-wordpress-site.com/wp-content/plugins/jobmonster/wp-admin/admin.php?page=jobmonster-settings&file=../../../../etc/passwd"
• wordpress / composer / npm:
wp plugin list --status=inactive | grep jobmonster
Exploit status
EPSS
0.65% (71st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-37928 is to immediately upgrade Jobmonster to version 4.7.1 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests containing path traversal sequences (e.g., ../). Restrict file upload permissions and carefully review any file uploads to ensure they are validated and sanitized. Regularly scan your WordPress installation for vulnerabilities using a reputable security plugin.
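The WAF workaround above matches the literal `../` sequence; a rule that does not percent-decode first will miss encoded variants of the same traversal, which is why a detection or blocking rule should normalize the request before matching. The following is an added example (not code from the page or from the Jobmonster project) that scans constructed access-log lines for traversal attempts in the request path and query values after decoding, and contrasts it with the naive literal check; the log lines, IP addresses and parameter names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format); not taken from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Jul/2024:10:00:01 +0000] "GET /wp-content/plugins/jobmonster/assets/app.js HTTP/1.1" 200 512
203.0.113.9 - - [12/Jul/2024:10:00:02 +0000] "GET /wp-admin/admin.php?page=jobmonster-settings&file=../../../../etc/passwd HTTP/1.1" 200 1234
203.0.113.9 - - [12/Jul/2024:10:00:03 +0000] "GET /wp-admin/admin.php?page=jobmonster-settings&file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 2048
198.51.100.7 - - [12/Jul/2024:10:00:04 +0000] "GET /wp-admin/admin.php?page=jobmonster-settings&file=%252e%252e%252fwp-config.php HTTP/1.1" 200 99
198.51.100.8 - - [12/Jul/2024:10:00:05 +0000] "GET /wp-admin/admin.php?page=jobmonster-settings&file=templates/job-list.php HTTP/1.1" 200 700
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def naive_match(target: str) -> bool:
    """The literal check a simple WAF rule (block '../') performs; it misses encoded forms."""
    return "../" in target

def normalize(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (catches double encoding) and fold backslashes to slashes."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def has_traversal(target: str) -> bool:
    """True when the path or any query value contains a '..' segment after normalization."""
    parts = urlsplit(target)
    candidates = [parts.path] + [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    return any(".." in normalize(c).split("/") for c in candidates)

def scan_log(text: str):
    """Return (client_ip, request_target, status) for requests that look like traversal attempts."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if m and has_traversal(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits

if __name__ == "__main__":
    for ip, target, status in scan_log(SAMPLE_LOG):
        print(f"{ip} {status} {target}")
```

Run against the sample, the literal check flags only the plain `../` request, while the normalized check flags all three traversal attempts; a 200 status on such a request is the line to investigate first.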
Update the Jobmonster theme to the latest available version. If no version is available, consider disabling or replacing the theme with a secure alternative. Consult the theme's changelog for more details on the fix for the vulnerability.
CVE-2024-37928 is a HIGH severity vulnerability in the Jobmonster WordPress plugin that allows attackers to manipulate files. It affects versions ≤4.7.0 and can lead to data exposure and server compromise.
If you are using Jobmonster version 4.7.0 or earlier, you are affected by this vulnerability. Check your plugin version and upgrade immediately.
Upgrade Jobmonster to version 4.7.1 or later. As a temporary workaround, implement a WAF rule to block path traversal attempts.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's nature suggests potential for future exploitation.
Refer to the Jobmonster plugin website or the NooTheme support channels for the official advisory and further details.