CVE-2024-12824 Scanner

Nokri – Job Board is a WordPress theme designed for recruitment and employment purposes. It is frequently used by companies, recruitment agencies, and individuals looking to build job listing websites. The platform allows employers to post jobs, and potential employees to apply online. It is feature-rich, offering functionalities such as resume builder, paid job listings, career counseling, and more. This theme aims to simplify the process of connecting employers with employees. Its application is straightforward, making it accessible even to those with minimal technical knowledge.

This scanner detects a critical security vulnerability where unauthorized users can change passwords, including those of administrators in the Nokri – Job Board WordPress Theme. The vulnerability is due to improper verification of empty token values during password reset operations. This flaw allows attackers to escalate their privileges by taking over accounts. Such vulnerabilities could lead to significant security breaches if not addressed. It is crucial to detect and patch this vulnerability to maintain the integrity of the job board operations.

The technical aspect of this vulnerability involves the lack of adequate checks for token validation in the password reset functionality. Users communicate with the server via HTTP POST requests, where parameters like 'action', 'sb_data', and 'sb_new_password' manage password resets. However, due to insufficient validation checks especially for the 'token' parameter, attackers can manipulate these requests to reset passwords without needed authorization. Specifically, the endpoints 'admin-ajax.php' and 'wp-login.php' are susceptible when sending crafted requests. Upon successful exploitation, an unauthorized login becomes feasible.

Exploitation of this vulnerability can lead to severe impacts, particularly unauthorized access to sensitive accounts. An attacker could take control of administrative accounts, leading to complete site compromise. They may alter, delete, or leak sensitive information, post fake job listings, or demand ransom for regaining access control. This breach can result in reputational damage, loss of user trust, and potentially legal repercussions for failing to protect user data. Preventive measures should be implemented immediately to mitigate these risks.

REFERENCES

• https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/nokri-2/nokri-job-board-wordpress-theme-162-unauthenticated-arbitrary-password-change
• https://themeforest.net/item/nokri-job-board-wordpress-theme/22677241
• https://www.wordfence.com/threat-intel/vulnerabilities/id/60a7cce0-637f-49bd-aa4a-fd7023d99a64?source=cve
• https://github.com/20142995/nuclei-templates