CVE-2024-37928: 
WordPress vulnerability analysis and mitigation

A path traversal vulnerability (CVE-2024-37928) was discovered in NooTheme Jobmonster WordPress theme affecting versions up to 4.7.0. The vulnerability allows unauthenticated attackers to perform file manipulation through improper limitation of pathname to restricted directories (Patchstack).

The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and has received a CVSS v3.1 base score of 8.6 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H. The vulnerability specifically allows for arbitrary file deletion functionality that can be exploited without authentication (Patchstack).

This vulnerability could allow malicious actors to delete files from affected websites. If core files are deleted, it could cause the site to break and stop functioning. The high CVSS score indicates this is a severe vulnerability that could lead to significant system compromise (Patchstack).

Users are advised to update to version 4.7.5 or later immediately to resolve this vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until users can update to a fixed version (Patchstack).