Description
Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobScout: from n/a through <= 1.1.7.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a broken access control flaw in the WordPress JobScout theme, which results from missing authorization checks. An attacker who can access the theme’s functionality may be able to perform actions that the user has not been intended to perform, such as creating, editing, or deleting job postings and viewing sensitive data. The weakness corresponds to CWE-862, which identifies the failure to enforce required authorizations.

Affected Systems

WordPress sites that deploy the raratheme:JobScout theme with a version of 1.1.7 or earlier are vulnerable. This includes all installations of the JobScout theme dated from the earliest releases up to and including 1.1.7.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the EPSS score of less than 1 % suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, and no widespread exploits are publicly documented. The likely attack vector is through the WordPress web interface where the theme’s panels are accessible; an attacker would need to reach the pages that invoke the compromised functions, which could be possible even without additional authentication if the site is misconfigured.

Generated by OpenCVE AI on March 19, 2026 at 15:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the JobScout theme to a version that contains the fix (ideally 1.1.8 or later).
  • Verify the installed theme version through the WordPress administration panel or by checking the plugin’s changelog.
  • If an immediate upgrade is not possible, temporarily disable the JobScout theme or restrict user roles that can access job management functions.
  • Monitor site logs for unusual job creation, editing, or deletion activity.

Generated by OpenCVE AI on March 19, 2026 at 15:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Rarathemes
Rarathemes jobscout
Wordpress
Wordpress wordpress
Vendors & Products Rarathemes
Rarathemes jobscout
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobScout: from n/a through <= 1.1.7.
Title WordPress JobScout theme <= 1.1.7 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Rarathemes Jobscout
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:53.496Z

Reserved: 2026-03-12T11:10:25.226Z

Link: CVE-2026-32334

cve-icon Vulnrichment

Updated: 2026-03-13T18:44:20.484Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:43.893

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32334

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:59:20Z

Weaknesses