CVE-2024-12824
published 2025-03-01CVE-2024-12824: The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including…
PriorityP275critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
2.16%
79.9th percentile
The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's password, including administrators, and leverage that to gain access to their account.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| scriptsbundle | nokri_job_board_wordpress_theme | <= 1.6.2 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated POST requests to /wp-admin/admin-ajax.php with action=sb_reset_password and a token value of empty or '-sb-uid-<id>' pattern, indicating exploitation of CVE-2024-12824. ↗
- →A successful exploit response body contains the string '1|Password Changed successfully.' — monitor HTTP responses to admin-ajax.php for this pattern. ↗
- →After password change, attacker logs in via /wp-login.php; watch for a 302 redirect containing both '/wp-admin' and 'wordpress_logged_in' in the response headers immediately following an unauthenticated admin-ajax password-reset request. ↗
- →The exploit targets user ID 1 (administrator) by default; look for the token pattern '-sb-uid-1' in POST body parameters to admin-ajax.php. ↗
- ·The vulnerability affects Nokri – Job Board WordPress Theme versions up to and including 1.6.2 only; patched versions are not affected. ↗
- ·The nuclei template is marked 'intrusive' — running it will actively change the target administrator's password; use only in authorized testing environments. ↗
- ·The root cause is the absence of a check for an empty token value before updating user passwords; detection logic should account for both empty tokens and the crafted '-sb-uid-<id>' token format. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change
nuclei·CVSS 9.8
CVE-2024-12824 [CRITICAL] Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change
Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change
The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's password, including administrators, and leverage that to gain access to their account.
Template:
id: CVE-2024-12824
info:
name: Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
The Nokri – Job Board WordPress Theme theme for WordPress is
No writeups or analysis indexed.
2025-03-01
Published