CVE-2025-3918

The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action() function in versions 0.1 to 0.1.1. The plugin’s registration handler reads the client-supplied $_POST['user_role'] and passes it directly to wp_insert_user() without restricting to a safe set of roles. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/job-listings/trunk/includes/forms/class-jlt-form-member.php#L68
https://wordpress.org/plugins/job-listings/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/c9cd43f5-c3d0-4eb2-9c18-1af2edca37ff?source=cve

Configurations

No configuration.

History

05 May 2025, 20:54

Type	Values Removed	Values Added
Summary		(es) El complemento Job Listings para WordPress es vulnerable a la escalada de privilegios debido a una autorización incorrecta en la función register_action() en las versiones 0.1 a 0.1.1. El controlador de registro del complemento lee el $_POST['user_role'] proporcionado por el cliente y lo pasa directamente a wp_insert_user() sin restringirlo a un conjunto seguro de roles. Esto permite que atacantes no autenticados eleven sus privilegios a los de administrador.

03 May 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-03 03:15

Updated : 2025-05-05 20:54

NVD link : CVE-2025-3918

Mitre link : CVE-2025-3918

CVE.ORG link : CVE-2025-3918

JSON object : View

Products Affected

No product.

CWE

CWE-285

Improper Authorization

9.8 /10