Description
Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through <= 2.1.60.
Published: 2025-06-06
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from missing authorization checks within the Job Board Manager plugin. An attacker can exploit the improperly configured access control security levels to perform actions normally restricted to privileged users. The result is the ability to manipulate job listings, user accounts, or other protected resources, potentially compromising the integrity of the website.

Affected Systems

All installations of PickPlugins Job Board Manager version 2.1.60 or earlier are affected. The vulnerability applies to every release from the earliest documented version up through 2.1.60, irrespective of the initial release date.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity; however, the EPSS score of less than 1% suggests that the likelihood of exploitation remains low under current conditions. The vulnerability is not listed in the CISA KEV catalog. The attack is likely to be carried out via the web interface of the affected WordPress site, allowing an unauthenticated or low‑privileged user to elevate privileges if the site is not otherwise hardened.

Generated by OpenCVE AI on April 30, 2026 at 11:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest version of the Job Board Manager plugin (2.1.61 or newer).
  • If an update cannot be applied immediately, constrain access to the plugin’s administrative pages by configuring the site’s role‑based permissions to exclude all users who do not require job‑board functionality.
  • As an interim workaround, disable the plugin entirely on any site that does not actively use the job‑board feature until a patch is available.

Advisories
Source: EUVD
ID: EUVD-2025-17248
Title: Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through 2.1.60.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through 2.1.60.
  Added: Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through <= 2.1.60.
Title
  Removed: WordPress Job Board Manager <= 2.1.60 - Broken Access Control Vulnerability
  Added: WordPress Job Board Manager plugin <= 2.1.60 - Broken Access Control Vulnerability
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


Fri, 06 Jun 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Jun 2025 13:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through 2.1.60.
Title WordPress Job Board Manager <= 2.1.60 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:01.324Z

Reserved: 2025-06-04T09:42:17.746Z

Link: CVE-2025-49324

Vulnrichment

Updated: 2025-06-06T19:01:05.209Z

NVD

Status: Deferred

Published: 2025-06-06T13:15:48.803

Modified: 2026-04-23T15:31:28.093

Link: CVE-2025-49324

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T12:00:12Z

Weaknesses