Impact
The JobSearch plugin contains an unauthenticated broken access control flaw that allows an attacker to bypass privilege checks for sensitive actions. That enables the creation, modification, or deletion of job listings and access to administrative functions without proper authentication, threatening the integrity and confidentiality of job data.
Affected Systems
EyeCix Technologies' WordPress JobSearch plugin, versions 3.2.7 and earlier, is affected. The vulnerability exists in WordPress sites that deploy this plugin for job search capabilities.
Risk and Exploitability
The CVSS score of 7.5 signals a high severity risk, while an EPSS score of below 1% indicates a low probability of current exploitation. Based on the description, it is inferred that the attack vector involves the plugin’s exposed administrative endpoints, allowing attackers to exploit the vulnerability directly from any IP address that can reach the WordPress site, leveraging the plugin’s exposed administrative endpoints without authentication. The flaw is not listed in CISA's KEV catalog. The CNA recommends updating to version 3.2.8 or later to remove the flaw.
OpenCVE Enrichment