CVE-2024-13698: The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due t
mediumvulnerabilityLLM-Specific
security
Summary
The Jobify WordPress theme (versions up to 4.2.7) has a missing authorization vulnerability that allows unauthenticated attackers to bypass security checks on two AI image functions. Attackers can exploit this to upload image files from arbitrary locations and generate AI images using the site's OpenAI API key without permission.
Vulnerability Details
CVSS Score
6.5(medium)
EPSS (30-day exploit probability)
EPSS: 0.5%
Classification
Attack Type
PII Leakage
Attack SophisticationTrivial
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
OpenAI
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-13698
First tracked: February 15, 2026 at 08:49 PM
Classified by LLM (prompt v3) · confidence: 85%