CVE-2024-12824
Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password ChangeThe Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's password, including administrators, and leverage that to gain access to their account.
We have discovered 1 live websites that are affected by CVE-2024-12824.
Affected Software
| Product | |
| Category | Wordpress Themes |
| Vulnerable Domains | 1 live websites (100% of Nokri install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-620 Unverified Password ChangeDetails
- Published - Mar 1, 2025
- Updated - Mar 3, 2025
Credits
- Lucio Sá (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-12824 United States | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2024-12824| .org | 1 websites |
Websites affected by CVE-2024-12824
Top websites that are affected by CVE-2024-12824. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **************.org | United States | **,***,*** |
FAQ
CVE-2024-12824 is Unverified Password Change in Nokri
A total of 1 websites have been identified as vulnerable to CVE-2024-12824, based on global website indexing conducted by WebTechSurvey.
The Nokri is affected by the CVE-2024-12824 vulnerability.
Nokri versions up to and including 1.6.2 are vulnerable to CVE-2024-12824.