{"data":{"id":"2c40e793-4c34-4938-87de-a77755b0f355","title":"CVE-2024-13698: The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due t","summary":"The Jobify WordPress theme (versions up to 4.2.7) has a missing authorization vulnerability that allows unauthenticated attackers to bypass security checks on two AI image functions. Attackers can exploit this to upload image files from arbitrary locations and generate AI images using the site's OpenAI API key without permission.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-13698","publishedAt":"2025-01-24T21:15:34.597Z","cveId":"CVE-2024-13698","cweIds":["CWE-862"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["pii_leakage"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["OpenAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00485,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}