Impact
An improper control of code generation flaw allows an attacker to inject executable code into the WordPress Job Board Manager plugin. The weakness is classified as code injection (CWE-94) and could lead to execution of arbitrary PHP within the web server context. While the CVSS score of 3.8 reflects moderate severity, a successfully triggered flaw directly affects confidentiality and integrity and could serve as a vector for further compromise.
Affected Systems
The vulnerability affects the PickPlugins Job Board Manager WordPress plugin up to and including version 2.1.61. Administrators must verify whether any installation of this plugin falls within that version range and, if so, plan to apply the vendor's patch or a newer release.
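One way to run that version check across a plugins directory, as an added example that is not part of the advisory or the vendor's tooling. It assumes the plugin's main PHP file carries the standard WordPress header fields `Plugin Name:` and `Version:` and that the name reads exactly "Job Board Manager"; the directory argument is whatever path holds your plugins.

```shell
#!/bin/sh
# Added example, not vendor code. Flags Job Board Manager installs <= 2.1.61.
LAST_AFFECTED="2.1.61"            # last affected version, from the advisory
PLUGIN_NAME="Job Board Manager"   # assumed value of the "Plugin Name:" header

# version_le A B: succeed when dotted version A <= B (numeric per component).
version_le() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        # Drop suffixes such as "-beta"; a missing component counts as 0.
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 0
}

# scan_plugins DIR: print "<status> <version> <file>" per matching plugin file.
scan_plugins() {
    for f in "$1"/*/*.php; do
        [ -f "$f" ] || continue
        # Exact name match (anchored at end of line) so that other plugins
        # whose name only starts with the same words are skipped.
        head -n 40 "$f" |
            grep -Eiq "Plugin Name:[[:space:]]*${PLUGIN_NAME}[[:space:]]*\$" || continue
        v=$(head -n 40 "$f" |
            sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*/\1/p' |
            head -n 1)
        if [ -z "$v" ]; then
            echo "UNKNOWN - $f"
        elif version_le "$v" "$LAST_AFFECTED"; then
            echo "AFFECTED $v $f"
        else
            echo "OK $v $f"
        fi
    done
}

# Usage: sh check.sh /path/to/wp-content/plugins
if [ "$#" -gt 0 ]; then scan_plugins "$1"; fi
```

Lines reported as `UNKNOWN` have a matching name but no parsable version and need a manual look.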
Risk and Exploitability
The EPSS score indicates an exploitation likelihood of less than 1%, and the vulnerability is not listed in CISA's KEV catalog, suggesting minimal known exploitation. The likely attack vector is the plugin's content handling mechanisms, potentially requiring authenticated access to the job posting or content submission interfaces. Because the CVSS score reflects a moderate impact, the risk is considered manageable with prompt remediation, but the code injection nature of the flaw warrants acting quickly to prevent higher-severity outcomes.