{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24941", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-28T09:50:05.801Z", "datePublished": "2026-02-20T15:47:07.258Z", "dateUpdated": "2026-04-28T16:14:50.960Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-job-portal", "product": "WP Job Portal", "vendor": "wpjobportal", "versions": [{"changes": [{"at": "2.4.5", "status": "unaffected"}], "lessThanOrEqual": "2.4.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "benzdeus | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:55.023Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WP Job Portal: from n/a through <= 2.4.4.</p>"}], "value": "Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.4."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:50.960Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-4-4-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-20T19:03:32.109624Z", "id": "CVE-2026-24941", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T14:46:04.189Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24941", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-28T09:50:05.801Z", "datePublished": "2026-02-20T15:47:07.258Z", "dateUpdated": "2026-04-28T14:46:04.189Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-job-portal", "product": "WP Job Portal", "vendor": "wpjobportal", "versions": [{"changes": [{"at": "2.4.5", "status": "unaffected"}], "lessThanOrEqual": "2.4.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "benzdeus | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-28T13:26:28.809Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WP Job Portal: from n/a through <= 2.4.4.</p>"}], "value": "Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.4."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T12:10:46.656Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-4-4-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerability"}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24941", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-20T19:03:32.109624Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T19:02:48.212Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.4."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en wpjobportal WP Job Portal wp-job-portal permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WP Job Portal: desde n/a hasta &lt;= 2.4.4."}], "id": "CVE-2026-24941", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-20T16:22:38.480", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-4-4-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.4.4]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[2.4.5,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "WP Job Portal", "source": "cna", "vendor": "wpjobportal"}, "product": "wp_job_portal", "vendor": "wpjobportal"}], "analysis": {"en": {"generated_at": "2026-04-16T16:39:23.912799+00:00", "value": {"mitigation_remediation": ["Upgrade WP Job Portal to the latest release that addresses the access control issue (version 2.4.5 or later).", "Review and tighten user role definitions, ensuring that only approved roles possess the capabilities exposed by the plugin.", "Monitor access logs for unusual activity patterns, such as enumerated API calls or repeated attempts to access restricted content, and block offending IPs if necessary."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Access via Broken Access Control"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all installations of WP Job Portal through version 2.4.4, including earlier releases without the fix. It applies regardless of WordPress core version and does not require additional extensions to be installed.", "description_and_impact": "The WordPress WP Job Portal plugin contains a missing authorization flaw that permits users to execute functions reserved for higher-level roles. Exploitation can lead to unauthorized viewing or modification of job postings, user data, or internal site administration actions, undermining confidentiality and integrity. Based on the description, it is inferred that the attack could be performed without an existing account.", "risk_and_exploitability": "With a CVSS score of 7.5, the flaw is considered high severity. The EPSS indicates a very low but non\u2011zero probability of exploitation, and the issue is not listed in CISA\u2019s KEV catalog. Based on the description, it is inferred that the attack vector likely involves targeting the plugin\u2019s web endpoints from any external IP, enabling unauthorized actions by sending crafted HTTP requests that bypass normal role checks."}}}}, "created": "2026-02-23T14:35:57.587207+00:00", "updated": "2026-04-16T16:45:25.946219+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "wpjobportal", "wpjobportal$PRODUCT$wp_job_portal"]}