Impact
The vulnerability is a Cross‑Site Request Forgery flaw in the DexignZone JobZilla theme that can allow an attacker to perform actions as an authenticated user, potentially resulting in privilege escalation. Because the theme fails to validate requests properly, a malicious website can trick a logged‑in administrator into submitting requests that modify job listings, change site settings, or otherwise perform privileged operations without the user’s consent.
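The mechanism described above (a state-changing request that is accepted without proof that the logged-in user intended to send it) is easiest to see next to its fix. The following is an added example, not code from the JobZilla theme or from OpenCVE: a generic WordPress settings handler in the unprotected form, followed by the same handler hardened with a nonce check and a capability check. All function, action, option and field names (`example_*`, `jobs_per_page`) are hypothetical.

```php
<?php
/*
 * Added example, not code from the JobZilla theme: a generic WordPress
 * admin-post handler that updates a site setting, shown first in the
 * unprotected form and then hardened. Function, action and option names
 * are hypothetical.
 */

// --- Unprotected pattern: any POST to admin-post.php?action=example_save_setting
// is honoured. A third-party page that an administrator visits can submit such a
// form with the administrator's session cookies attached, which is exactly the
// missing-validation condition a CSRF flaw consists of.
function example_save_setting_unprotected() {
    // No nonce: the request's origin is never verified.
    // No capability check: any logged-in user can change the setting.
    update_option( 'example_jobs_per_page', absint( $_POST['jobs_per_page'] ?? 10 ) );
    wp_safe_redirect( admin_url( 'admin.php?page=example-settings&updated=1' ) );
    exit;
}

// --- Hardened pattern.
function example_save_setting_protected() {
    // 1. Nonce: check_admin_referer() stops with HTTP 403 unless the request
    //    carries a valid nonce created for this action by wp_nonce_field().
    //    A cross-site form cannot know the nonce, so forged requests fail here.
    check_admin_referer( 'example_save_setting', 'example_nonce' );

    // 2. Authorisation: the nonce only proves the request came from our own
    //    page; it says nothing about whether this user may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'example' ), '', array( 'response' => 403 ) );
    }

    // 3. Validate and sanitise the input before persisting it.
    $per_page = isset( $_POST['jobs_per_page'] ) ? absint( wp_unslash( $_POST['jobs_per_page'] ) ) : 10;
    $per_page = max( 1, min( 100, $per_page ) );
    update_option( 'example_jobs_per_page', $per_page );

    wp_safe_redirect( admin_url( 'admin.php?page=example-settings&updated=1' ) );
    exit;
}

// Register only the logged-in variant. admin_post_nopriv_* is deliberately not
// registered, so unauthenticated requests are never processed at all.
add_action( 'admin_post_example_save_setting', 'example_save_setting_protected' );

// The settings form: wp_nonce_field() emits the hidden nonce and referer fields
// that check_admin_referer() validates when the form is submitted.
function example_render_settings_form() {
    $current = (int) get_option( 'example_jobs_per_page', 10 );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_setting">
        <?php wp_nonce_field( 'example_save_setting', 'example_nonce' ); ?>
        <label>Jobs per page
            <input type="number" name="jobs_per_page" min="1" max="100"
                   value="<?php echo esc_attr( $current ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

The same two checks apply to AJAX handlers, where `check_ajax_referer()` replaces `check_admin_referer()`, and to REST routes, where the `permission_callback` carries the capability check and WordPress validates the `X-WP-Nonce` header. When reviewing a theme for this class of flaw, look at every handler hooked to `admin_post_*`, `wp_ajax_*`, `init` or `template_redirect` that reads `$_POST` or `$_GET` and writes to options, posts or users, and confirm both a nonce check and a `current_user_can()` check precede the write.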
Affected Systems
Affected systems are WordPress sites that use the DexignZone JobZilla – Job Board WordPress Theme version 2.0 or earlier. The CVE notes that all releases from inception through 2.0 are vulnerable. No specific sub‑versions are listed beyond the upper bound, so any instance of the theme in the affected range is considered at risk.
Risk and Exploitability
The flaw carries a CVSS score of 8.8, classifying it as high severity. The EPSS score of less than 1% indicates a very low likelihood of exploitation at this time, and the vulnerability is not yet listed in the CISA KEV catalog. Exploitation requires a victim who is authenticated to the site and the absence of CSRF protection, so the attack vector is a browser‑based request issued from a third‑party site. Because privilege escalation is possible, the risk is high for administrators and any user with elevated permissions.
OpenCVE Enrichment