Description
Missing Authorization vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2.
Published: 2025-04-01
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a missing authorization flaw that allows attackers to bypass the job manager's access controls. The flaw is rooted in Incorrectly Configured Access Control Security Levels and is classified as CWE-862. An attacker who successfully exploits this weakness can perform job‑management actions that are normally restricted to privileged roles, potentially exposing sensitive job data or manipulating listings.

Affected Systems

The issue affects the JoomSky JS Job Manager plugin installed in WordPress environments. All instances running version 2.0.2 or earlier are impacted.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate risk, while the EPSS score of < 1% shows that exploit attempts are rare. The vulnerability is not listed in the CISA KEV catalog, which means no widespread exploitation has been observed. The likely attack vector is web‑based, wherein an attacker sends crafted HTTP requests to the plugin’s endpoints to maneuver through the broken access controls. No additional prerequisites are noted beyond standard access to the site’s web interface.

Generated by OpenCVE AI on May 1, 2026 at 01:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the JoomSky JS Job Manager plugin to version 2.0.3 or later to eliminate the missing authorization flaw.
  • If an upgrade cannot be applied immediately, review the plugin’s capability settings and ensure that only administrators or designated roles can access job posting endpoints; remove or restrict any anonymous or unprivileged role abilities related to the plugin.
  • Disable or remove any public job submission forms that are not required, ensuring that all job‑related actions require proper authentication.

Generated by OpenCVE AI on May 1, 2026 at 01:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-9179 Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2. Missing Authorization vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2.
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Fri, 23 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:joomsky:js_job_manager:*:*:*:*:*:wordpress:*:*

Tue, 01 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 01 Apr 2025 15:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2.
Title WordPress JS Job Manager plugin <= 2.0.2 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Joomsky Js Job Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:14.940Z

Reserved: 2025-04-01T13:21:07.843Z

Link: CVE-2025-31868

cve-icon Vulnrichment

Updated: 2025-04-01T15:47:26.900Z

cve-icon NVD

Status : Modified

Published: 2025-04-01T15:16:28.983

Modified: 2026-04-23T15:28:27.157

Link: CVE-2025-31868

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T02:00:06Z

Weaknesses