CVE-2024-11917
JobSearch WP Job Board <= 2.9.2 - Authentication Bypass via Social LoginsThe JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.9.2. This is due to improper configurations in the 'jobsearch_xing_response_data_callback', 'set_access_tokes', and 'google_callback' functions. This makes it possible for unauthenticated attackers to log in as the first connected Xing user, or any connected Xing user if the Xing id is known. It is also possible for unauthenticated attackers to log in as the first connected Google user if the user has logged in, without subsequently logging out, in thirty days. The vulnerability was partially patched in version 2.8.4.
We have discovered 347 live websites that are affected by CVE-2024-11917.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 347 live websites (93% of WordPress JobSearch Plugin install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 81 versions ( 84% of all versions) |
Common Weakness Enumeration
CWE-287 Improper AuthenticationDetails
- Published - Apr 25, 2025
- Updated - Jun 17, 2025
Credits
- Friderika Baranyai (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-11917 United States | 113 websites |
 GB | 35 websites |
 Germany | 26 websites |
 Netherlands | 20 websites |
 France | 20 websites |
 India | 17 websites |
 Australia | 8 websites |
 Canada | 8 websites |
 Brazil | 7 websites |
 Spain | 7 websites |
Website Distribution by TLD
Number of websites using CVE-2024-11917| .com | 139 websites |
| .nl | 21 websites |
| .co.uk | 20 websites |
| .org | 16 websites |
| .net | 10 websites |
| .fr | 10 websites |
| .de | 9 websites |
| .com.br | 8 websites |
| .it | 6 websites |
| .com.au | 5 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-11917
Top websites that are affected by CVE-2024-11917. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | Australia | ***,*** | |
| *****************.de | Germany | ***,*** | |
| **********.com | France | ***,*** | |
| ****.***.au | Australia | ***,*** | |
| *******.***.pk |  Pakistan | ***,*** | |
| ******.com | United States | *,***,*** | |
| ***********.de | Germany | *,***,*** | |
| *******.in | United States | *,***,*** | |
| *****************.org | United States | *,***,*** | |
| ********.org | Canada | *,***,*** |
FAQ
CVE-2024-11917 is Improper Authentication in WordPress JobSearch Plugin
A total of 347 websites have been identified as vulnerable to CVE-2024-11917, based on global website indexing conducted by WebTechSurvey.
The WordPress JobSearch Plugin is affected by the CVE-2024-11917 vulnerability.
WordPress JobSearch Plugin versions up to and including 2.9.2 are vulnerable to CVE-2024-11917.