Description
Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects JobBank: from n/a through 1.2.3.
Published: 2026-06-17
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the JobBank WordPress plugin through version 1.2.3. It allows an attacker to access or modify functions and data that should only be available to privileged users, as the plugin’s access control checks are incorrectly implemented. This flaw falls under CWE‑862, a Missing Authorization weakness.

Affected Systems

The flaw affects WordPress sites that have the EMV JobBank plugin installed, any version from the earliest release up to and including 1.2.3. No specific CPE strings are available, but the affected product is identified by the vendor EMV.

Risk and Exploitability

The CVSS score of 7.3 indicates a high severity vulnerability. No EPSS score is available and the alert is not listed in the CISA KEV catalog. The likely attack vector is remote, via the WordPress admin interface or the plugin’s exposed endpoints, and does not require user interaction. Successful exploitation could grant an attacker unauthorized control of job posting data or administrative capabilities within the site.

Generated by OpenCVE AI on June 18, 2026 at 13:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the JobBank plugin to a version newer than 1.2.3 once a patch is released.
  • Review and tighten WordPress user role capabilities related to JobBank, removing any unnecessary or overly permissive roles.
  • Implement additional access controls such as a web application firewall or IP restrictions to block unauthorized access to the plugin’s administrative pages.

Generated by OpenCVE AI on June 18, 2026 at 13:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Emv
Emv jobbank
Wordpress
Wordpress wordpress
Vendors & Products Emv
Emv jobbank
Wordpress
Wordpress wordpress

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3.
Title WordPress JobBank plugin <= 1.2.3 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T15:36:54.455Z

Reserved: 2025-12-29T11:20:13.815Z

Link: CVE-2025-69189

cve-icon Vulnrichment

Updated: 2026-06-17T15:36:48.696Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T22:57:31Z

Weaknesses