Platform: wordpress
Component: wp-jobsearch
Fixed in: 2.3.5
CVE-2024-43245 is a critical Improper Privilege Management vulnerability discovered in eyecix JobSearch, a WordPress plugin. This vulnerability allows attackers to escalate their privileges within the system, potentially leading to full site compromise. It impacts versions of JobSearch prior to 2.3.5, and a patch is available in version 2.3.5.
The Improper Privilege Management flaw allows an attacker to bypass intended access controls and gain elevated privileges on the WordPress site where JobSearch is installed. This could enable them to modify user roles, install malicious plugins, access sensitive data, or even take complete control of the website. The potential blast radius is significant, as a successful exploit could compromise the entire WordPress installation and any connected databases or services. This is particularly concerning for sites using JobSearch for sensitive data handling or user authentication.
CVE-2024-43245 was publicly disclosed on August 19, 2024. Its critical CVSS score (9.8) indicates a high probability of exploitation. As of this writing there are no publicly available proof-of-concept exploits, but the ease with which privilege escalation vulnerabilities can be exploited often leads to rapid exploit development. Monitor security advisories and threat intelligence feeds for updates on exploitation activity.
Exploit Status
EPSS: 0.35% (58th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2024-43245 is to immediately upgrade to eyecix JobSearch version 2.3.5 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily restricting access to the JobSearch plugin's administrative interface. While not a complete solution, this can limit the attacker's ability to exploit the vulnerability. Monitor WordPress access logs for suspicious activity, particularly attempts to modify user roles or install plugins from untrusted sources. Implement a Web Application Firewall (WAF) with rules to block attempts to exploit privilege escalation vulnerabilities.
Update the JobSearch plugin to the latest available version. The most recent version includes a fix for the privilege escalation vulnerability. To update, go to the WordPress admin panel, 'Plugins' section, and search for 'JobSearch'. If an update is available, click 'Update now'.
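To confirm whether an installation sits in the affected range before and after the update, the following is an added example (not code from this advisory or from the plugin): it compares the installed wp-jobsearch version against the fixed release 2.3.5. It assumes GNU sort (for -V) and, for the live check only, WP-CLI on the host; the function names and the optional WP_PATH argument are this example's own.

```shell
#!/bin/sh
# Added example: flag an installed wp-jobsearch version that is below the
# fixed release (2.3.5) for CVE-2024-43245. Assumes GNU sort -V; the live
# check additionally assumes the wp (WP-CLI) binary is installed.
FIXED_VERSION="2.3.5"
PLUGIN_SLUG="wp-jobsearch"

# version_lt A B: exit 0 when A sorts strictly before B as a version string.
version_lt() {
    [ "$1" != "$2" ] && \
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# jobsearch_affected VERSION: exit 0 if VERSION is older than the fixed release.
jobsearch_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_installed [WP_PATH]: ask WP-CLI for the installed plugin version and
# report. Returns 1 when vulnerable, 2 when the plugin is not found.
check_installed() {
    wp_path="${1:-.}"
    installed="$(wp plugin get "$PLUGIN_SLUG" --field=version --path="$wp_path" 2>/dev/null)" || {
        echo "$PLUGIN_SLUG not found under $wp_path"; return 2; }
    if jobsearch_affected "$installed"; then
        echo "VULNERABLE: $PLUGIN_SLUG $installed < $FIXED_VERSION (CVE-2024-43245); update now"
        return 1
    fi
    echo "OK: $PLUGIN_SLUG $installed is at or above $FIXED_VERSION"
}
```

Run `check_installed /var/www/html` (or any WordPress root) from a shell that has WP-CLI; the exit code makes it usable from a cron job or fleet-wide inventory script.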
CVE-2024-43245 is a critical vulnerability in the eyecix JobSearch WordPress plugin that allows attackers to gain elevated privileges, potentially compromising the entire website.
Yes, if you are using eyecix JobSearch version 2.3.4 or earlier, you are affected by this vulnerability and should upgrade immediately.
Upgrade to eyecix JobSearch version 2.3.5 or later to remediate the vulnerability. If immediate upgrade is not possible, restrict access to the plugin's admin interface.
While no public exploits are currently available, the critical severity and ease of exploitation suggest a high likelihood of active exploitation in the near future.
Refer to the official eyecix JobSearch plugin documentation and WordPress security announcements for the latest advisory and updates.