Impact
The vulnerability is a Cross‑Site Request Forgery flaw identified as CWE‑352 that allows an attacker to trick an authenticated user into sending state‑changing requests to the WordPress site using the JobWP plugin. The flaw can result in the attacker creating, editing, or deleting job postings, or otherwise manipulating site data without the user’s knowledge. No escalation to remote code execution or system compromise is described in the available information.
Affected Systems
Vendors: Hossni Mubarak. Product: JobWP plugin for WordPress. All versions up to 2.4.3 are vulnerable; versions beyond 2.4.3 are not known to be affected.
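To check an installation against the affected range above, the following added example (not code from the advisory or from the plugin) reads the standard WordPress plugin header and compares its `Version` field with 2.4.3. The directory name `jobwp` and the sample header are assumptions; a `False` result only means the version lies outside the range this advisory lists.

```python
import re
from itertools import zip_longest
from pathlib import Path

LAST_AFFECTED = "2.4.3"  # from the advisory: all versions up to 2.4.3
PLUGIN_SLUG = "jobwp"    # assumption: directory name under wp-content/plugins

# Same line shape WordPress accepts for header fields inside a comment block.
_HEADER = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)

def header_version(php_source):
    """Return the Version field of a WordPress plugin header, or None."""
    m = _HEADER.search(php_source[:8192])  # WordPress reads only the first 8 KiB
    return m.group(1) if m else None

def version_key(v):
    """Numeric components of a dotted version; a '-suffix' is ignored."""
    return [int(n) for n in re.findall(r"\d+", v.split("-")[0])]

def is_affected(version):
    """True/False for a parsed version, None when the version is unknown."""
    if not version or not version_key(version):
        return None
    pairs = zip_longest(version_key(version), version_key(LAST_AFFECTED), fillvalue=0)
    for have, limit in pairs:
        if have != limit:
            return have < limit
    return True  # exactly 2.4.3

def scan(plugins_dir):
    """Map each headered PHP file in <plugins_dir>/jobwp to (version, affected)."""
    results = {}
    for php in sorted(Path(plugins_dir, PLUGIN_SLUG).glob("*.php")):
        v = header_version(php.read_text(errors="replace"))
        if v is not None:
            results[php.name] = (v, is_affected(v))
    return results

# Constructed sample header, not copied from the plugin.
SAMPLE = """<?php
/**
 * Plugin Name: JobWP
 * Version: 2.4.3
 */
"""

if __name__ == "__main__":
    print(header_version(SAMPLE), is_affected(header_version(SAMPLE)))
```

Point `scan()` at the site's `wp-content/plugins` directory; a result of `None` means no usable version was found and the plugin should be checked by hand.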
Risk and Exploitability
The CVSS score of 4.3 places this issue in the Low severity range. The EPSS score of less than 1% indicates an extremely low likelihood of exploitation in the wild at present, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is CSRF, which requires an authenticated user to unknowingly visit a malicious page that submits a request to the target site. Because the flaw operates through standard web requests and carries no remote code execution vector, the overall risk is moderate, but the impact to site integrity could be significant if the attacker targets sensitive administrative accounts.