CVE-2024-12824
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
The Nokri - Job Board WordPress Theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the theme not properly checking for an empty token value prior to updating user details such as the password. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts.
Analysis
The Nokri Job Board WordPress theme through version 1.6.2 contains a privilege escalation via account takeover. The password reset handler fails to check for empty token values, allowing unauthenticated attackers to reset any user's password including administrators by submitting an empty verification token.
Technical Context
The email confirmation/password reset handler compares the submitted token against the stored token without checking for empty or null values. When both tokens are empty (the user hasn't requested a reset), the comparison succeeds. An attacker can reset any user's password by submitting an empty token for a target user ID.
Affected Products
Nokri Job Board WordPress Theme <= 1.6.2
Remediation
Update the Nokri theme immediately. Implement proper token validation that rejects empty/null values. Force password resets for all users. Review the user database for unauthorized changes.
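The flawed comparison described under Technical Context, beside a check that rejects empty values as the remediation asks, as an added PHP example (not the theme's own code). The `reset_token` key, the function names and the sample data are hypothetical; `stored_meta()` models how WordPress's `get_user_meta()` with `$single = true` returns an empty string when nothing is stored.

```php
<?php
// Constructed sample data: user 1 never requested a reset, user 2 has one pending.
// The array stands in for WordPress user meta; 'reset_token' is a hypothetical key.
$USER_META = [
    1 => [],
    2 => ['reset_token' => 'f3a9c1d27b'],
];

// Models get_user_meta($id, $key, true): returns '' when the key is absent.
function stored_meta(int $user_id, string $key): string {
    global $USER_META;
    return (string) ($USER_META[$user_id][$key] ?? '');
}

// Flawed check as the advisory describes it: compares the two values
// without first rejecting empty ones, so '' (or null) matches "no token".
function token_ok_vulnerable(int $user_id, $submitted): bool {
    return $submitted == stored_meta($user_id, 'reset_token');
}

// Hardened check: a reset must be pending, the submitted value must be a
// non-empty string, and the comparison is constant-time.
function token_ok_hardened(int $user_id, $submitted): bool {
    $stored = stored_meta($user_id, 'reset_token');
    if (!is_string($submitted) || $submitted === '' || $stored === '') {
        return false;
    }
    return hash_equals($stored, $submitted);
}

// Constructed test cases: [user id, submitted token]
$cases = [[1, ''], [1, null], [2, ''], [2, 'f3a9c1d27b'], [2, 'wrong']];
foreach ($cases as [$uid, $tok]) {
    printf(
        "user=%d token=%-14s vulnerable=%-6s hardened=%s\n",
        $uid,
        var_export($tok, true),
        var_export(token_ok_vulnerable($uid, $tok), true),
        var_export(token_ok_hardened($uid, $tok), true)
    );
}
```

Only the rows for user 1, who has no pending reset, differ between the two checks; the valid token for user 2 passes both.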