CVE-2024-11917: CWE-287 Improper Authentication in eyecix JobSearch WP Job Board
The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.9.2. This is due to improper configurations in the 'jobsearch_xing_response_data_callback', 'set_access_tokes', and 'google_callback' functions. This makes it possible for unauthenticated attackers to log in as the first connected Xing user, or as any connected Xing user if the Xing id is known. It is also possible for unauthenticated attackers to log in as the first connected Google user if that user has logged in within the past thirty days without subsequently logging out. The vulnerability was partially patched in version 2.8.4.
AI Analysis
Technical Summary
CVE-2024-11917 is an authentication bypass vulnerability classified under CWE-287, affecting the JobSearch WP Job Board plugin for WordPress in all versions up to and including 2.9.2. The root cause lies in improper authentication checks within the 'jobsearch_xing_response_data_callback', 'set_access_tokes', and 'google_callback' functions. These functions handle OAuth or similar login callbacks for Xing and Google accounts. Due to flawed logic, unauthenticated attackers can impersonate users by exploiting session or token handling weaknesses. Specifically, attackers can log in as the first connected Xing user or any connected Xing user if the attacker knows the Xing user ID. Similarly, attackers can log in as the first connected Google user if that user has logged in within the last 30 days and has not logged out. The vulnerability was partially mitigated in version 2.8.4 but remains exploitable in subsequent versions up to 2.9.2. The CVSS v3.1 score is 8.1, indicating high severity, with network attack vector, high attack complexity, no privileges or user interaction required, and impacts on confidentiality, integrity, and availability. No known public exploits exist yet, but the vulnerability poses a significant risk to WordPress sites using this plugin, potentially allowing unauthorized access to user accounts and sensitive data.
Potential Impact
This vulnerability allows unauthenticated attackers to bypass authentication and gain unauthorized access to user accounts linked via Xing or Google OAuth integrations. The impact includes potential data breaches, unauthorized actions performed under compromised accounts, and disruption of service integrity. Attackers could access sensitive personal or corporate information, manipulate job board postings, or escalate privileges within the affected WordPress site. This undermines user trust and may lead to regulatory compliance violations, especially in regions with strict data protection laws. Attacker control of these accounts could also facilitate further attacks such as phishing or lateral movement within the organization's network. Given the plugin's use in recruitment and job posting, the exposure of candidate or employer data could have significant reputational and operational consequences.
Mitigation Recommendations
Organizations using the JobSearch WP Job Board plugin should immediately upgrade to a version beyond 2.9.2 once a fully patched release is available. Until then, they should consider disabling the affected OAuth login integrations (Xing and Google) to prevent exploitation. Implementing additional authentication layers such as multi-factor authentication (MFA) for user logins can reduce risk. Monitoring login activities for unusual patterns, especially logins from unknown IPs or multiple simultaneous sessions, can help detect exploitation attempts. Web application firewalls (WAFs) should be configured to detect and block suspicious requests targeting the vulnerable callback endpoints. Site administrators should review and restrict plugin permissions and audit user sessions regularly. Finally, maintaining regular backups and incident response plans will help mitigate damage if exploitation occurs.
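A hardened Google-login callback for WordPress, written here as an added example (not code from the JobSearch plugin or from Wordfence) to show the three checks whose absence the technical summary above describes: a one-time, browser-bound `state`, an identity taken from a fresh token exchange with the provider rather than from a stored token or a request-supplied id, and a lookup that requires exactly one linked account instead of falling back to the first connected user. The `example_` function names, option keys, user meta key and callback path are assumptions, as is the login-start step that issues the state and binder cookie.

```php
// Added example, not the JobSearch plugin's code. Assumes the login start stored
// a one-time state as transient 'example_oauth_state_<state>' holding a random
// binder also set as HttpOnly cookie 'example_oauth_binder', and that linked
// accounts keep the Google subject in user meta 'example_google_sub'.
function example_verify_google_code( $code ) {
    // Exchange the code with Google, then have Google validate the ID token
    // and confirm it was issued to our client id.
    $client_id = get_option( 'example_google_client_id' );
    $resp = wp_remote_post( 'https://oauth2.googleapis.com/token', array( 'body' => array(
        'code' => $code, 'grant_type' => 'authorization_code', 'client_id' => $client_id,
        'client_secret' => get_option( 'example_google_client_secret' ),
        'redirect_uri'  => home_url( '/example-google-callback/' ),
    ) ) );
    $tok = is_wp_error( $resp ) ? array() : json_decode( wp_remote_retrieve_body( $resp ), true );
    if ( empty( $tok['id_token'] ) ) {
        return null;
    }
    $info   = wp_remote_get( 'https://oauth2.googleapis.com/tokeninfo?id_token=' . rawurlencode( $tok['id_token'] ) );
    $claims = is_wp_error( $info ) ? array() : json_decode( wp_remote_retrieve_body( $info ), true );
    if ( empty( $claims['sub'] ) || empty( $claims['aud'] ) || ! hash_equals( (string) $client_id, (string) $claims['aud'] ) ) {
        return null;
    }
    return $claims;
}
function example_google_callback() {
    $state  = isset( $_GET['state'] ) ? sanitize_text_field( wp_unslash( $_GET['state'] ) ) : '';
    $code   = isset( $_GET['code'] ) ? sanitize_text_field( wp_unslash( $_GET['code'] ) ) : '';
    $binder = isset( $_COOKIE['example_oauth_binder'] ) ? (string) $_COOKIE['example_oauth_binder'] : '';
    // 1. Accept only a callback for a flow this browser started, and only once.
    $expected = get_transient( 'example_oauth_state_' . $state );
    delete_transient( 'example_oauth_state_' . $state );
    if ( '' === $state || false === $expected || ! hash_equals( (string) $expected, $binder ) ) {
        wp_die( 'Invalid or expired login state.', '', array( 'response' => 403 ) );
    }
    // 2. Identity comes from Google for this code, never from a token cached by
    //    an earlier login or from a user id supplied in the request.
    $claims = example_verify_google_code( $code );
    if ( null === $claims ) {
        wp_die( 'Could not verify provider identity.', '', array( 'response' => 403 ) );
    }
    // 3. Exactly one account must already be linked to this subject; there is
    //    no fallback to "the first connected user".
    $users = get_users( array( 'meta_key' => 'example_google_sub', 'meta_value' => $claims['sub'], 'number' => 2 ) );
    if ( 1 !== count( $users ) ) {
        wp_die( 'No single linked account for this identity.', '', array( 'response' => 403 ) );
    }
    wp_set_current_user( $users[0]->ID );
    wp_set_auth_cookie( $users[0]->ID, false, is_ssl() );
    wp_safe_redirect( home_url( '/' ) );
    exit;
}
```

The same three checks apply to a Xing callback: the account is chosen by the subject the provider just asserted for this exchange, never by an id taken from the request.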
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Netherlands, Sweden, India, Brazil
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2024-11-27T17:37:19.002Z
- CISA Enriched: true
Threat ID: 682d983fc4522896dcbf0649
Added to database: 5/21/2025, 9:09:19 AM
Last enriched: 2/28/2026, 11:36:23 AM
Last updated: 3/25/2026, 1:41:10 AM