GCVE - cpe:2.3:a:uxper:civi:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:uxper:civi:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Uxper (`6c56a358-8d6f-5c7d-9d6e-386b1220c2cf`)
Product	Civi (`c3b683b3-003f-55ee-aa36-d46a13fdcf21`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-13773`	vulnerable	2026-06-08 06:25:38.481585	Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Sensitive Information Exposure HIGH (7.3) The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys. Published: 2025-03-14T11:15:53.544Z Updated: 2026-04-08T17:29:23.058Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/e3499182-7501-4fec-a7c6-b66ae47533cd?source=cve http://localhost:1337/wp-content/themes/civi/includes/class-init.php#L36	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-13772`	vulnerable	2026-06-08 06:25:38.481282	Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.6.1 - Authentication Bypass MEDIUM (5.6) The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.6.1. This is due to a lack of password randomization and user validation through the fb_ajax_login_or_register and google_ajax_login_or_register actions. This makes it possible for unauthenticated attackers to login as any user as long as they have access to the email. Published: 2025-03-14T11:15:53.188Z Updated: 2026-04-08T17:19:21.991Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/bf04f458-7900-4dd3-84fb-169b74db97ab?source=cve https://themeforest.net/item/civi-job-board-wordpress-theme/42770817#item-description__changelogs	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-13771`	vulnerable	2026-06-08 06:25:38.480870	Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Password Update CRITICAL (9.8) The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change the password of arbitrary users, including administrators, if the attacker knows the username of the victim. Published: 2025-03-14T11:15:52.455Z Updated: 2026-04-08T16:55:12.686Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/5ab2c74d-b83b-40ea-951c-83aeb76a7515?source=cve https://themeforest.net/item/civi-job-board-wordpress-theme/42770817	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.