Impact
The vulnerability arises from the insertion of sensitive information into data that is sent to the client, allowing an attacker to retrieve embedded sensitive data. This flaw, classified as CWE-201 (Information Exposure Through an Improperly Guarded Resource), can lead to the disclosure of confidential information that the plugin handles. The CVE description indicates that the issue exists in all versions from the first release up to and including 1.2.8, so any site running one of those versions is susceptible. If exploited, the exposed data could compromise user privacy and trust, but no privilege escalation or code execution is described.
Affected Systems
The affected product is the JobBoard Job listing plugin developed by Themeglow, in versions up to and including 1.2.8. WordPress sites that have installed this plugin within that version range are impacted. The vulnerability exists in the plugin's own code, not in WordPress core.
Risk and Exploitability
The CVSS score of 5.9 reflects moderate severity, and the EPSS score of <1% indicates that the likelihood of exploitation is currently low. The vulnerability is not included in the CISA KEV catalog, further suggesting a lower threat level. The attack vector is not explicitly stated, but because the flaw involves data sent to the client, the likely vector is a web-based request to the plugin's output. Remote attackers could potentially trigger the flaw by accessing public pages that include the plugin, or they could manipulate query parameters to prompt the plugin to reveal sensitive data. No authentication requirement is mentioned, so the exposed data could be publicly accessible.
OpenCVE Enrichment