Description
Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a.
Published: 2025-04-15
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A path traversal flaw in the WordPress WPJobBoard plugin allows an attacker to read files outside the intended directory. This weakness, identified as CWE-35, can expose sensitive documents, configuration files, or credentials, potentially leading to further compromise of the underlying system.

Affected Systems

All WordPress sites running any version of the WPJobBoard plugin earlier than 5.11.1 are affected. The vulnerability is present in all pre‑5.11.1 releases, regardless of specific minor version numbers.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity, while an EPSS score of < 1% suggests that exploitation is unlikely at present. The vulnerability is not listed in the CISA KEV catalog. The attack likely involves submitting a specially crafted request to the plugin’s file handling functionality, inferring that user input is not properly sanitized to prevent directory traversal."

Generated by OpenCVE AI on April 30, 2026 at 22:55 UTC.

Remediation

Vendor Solution

Update the WordPress WPJobBoard plugin to the latest available version (at least 5.11.1).

OpenCVE Recommended Actions

  • Upgrade the WordPress WPJobBoard plugin to version 5.11.1 or later.
  • If an immediate upgrade is not possible, disable the WPJobBoard plugin until the patch is applied.
  • Review web server configuration to restrict file access to the plugin directory and limit exposure of sensitive files.

Generated by OpenCVE AI on April 30, 2026 at 22:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-11106 Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a.
History

Tue, 28 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
References

Tue, 28 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Path Traversal: '.../...//' vulnerability in NotFound WPJobBoard wpjobboard allows Path Traversal.This issue affects WPJobBoard: from n/a through < 5.11.1. Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a.
References

Thu, 23 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
References

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a. Path Traversal: '.../...//' vulnerability in NotFound WPJobBoard wpjobboard allows Path Traversal.This issue affects WPJobBoard: from n/a through < 5.11.1.
References

Wed, 16 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 15 Apr 2025 22:00:00 +0000

Type Values Removed Values Added
Description Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a.
Title WordPress WPJobBoard plugin < 5.11.1 - Path Traversal vulnerability
Weaknesses CWE-35
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:02.205Z

Reserved: 2025-03-26T09:22:27.935Z

Link: CVE-2025-30966

cve-icon Vulnrichment

Updated: 2025-04-16T14:11:46.740Z

cve-icon NVD

Status : Deferred

Published: 2025-04-15T22:15:26.553

Modified: 2026-04-28T19:30:50.840

Link: CVE-2025-30966

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T23:00:04Z

Weaknesses