Impact
The vulnerability is a missing authorization flaw in the JobBank WordPress plugin through version 1.2.3. It allows an attacker to access or modify functions and data that should only be available to privileged users, as the plugin’s access control checks are incorrectly implemented. This flaw falls under CWE‑862, a Missing Authorization weakness.
Affected Systems
The flaw affects WordPress sites that have the EMV JobBank plugin installed, any version from the earliest release up to and including 1.2.3. No specific CPE strings are available, but the affected product is identified by the vendor EMV.
Risk and Exploitability
The CVSS score of 7.3 indicates a high severity vulnerability. No EPSS score is available and the alert is not listed in the CISA KEV catalog. The likely attack vector is remote, via the WordPress admin interface or the plugin’s exposed endpoints, and does not require user interaction. Successful exploitation could grant an attacker unauthorized control of job posting data or administrative capabilities within the site.
OpenCVE Enrichment