{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32334", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:10:25.226Z", "datePublished": "2026-03-13T11:41:55.950Z", "dateUpdated": "2026-04-29T09:51:57.303Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "jobscout", "product": "JobScout", "vendor": "raratheme", "versions": [{"changes": [{"at": "1.1.8", "status": "unaffected"}], "lessThanOrEqual": "1.1.7", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:37.324Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects JobScout: from n/a through <= 1.1.7.</p>"}], "value": "Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobScout: from n/a through <= 1.1.7."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:57.303Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/jobscout/vulnerability/wordpress-jobscout-theme-1-1-7-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress JobScout theme <= 1.1.7 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32334", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:44:19.874418Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:53:29.856Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32334", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:44:19.874418Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:44:20.484Z"}}], "cna": {"title": "WordPress JobScout theme <= 1.1.7 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "raratheme", "product": "JobScout", "versions": [{"status": "affected", "changes": [{"at": "1.1.8", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "<= 1.1.7"}], "packageName": "jobscout", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-03-13T12:41:15.839Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/jobscout/vulnerability/wordpress-jobscout-theme-1-1-7-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobScout: from n/a through <= 1.1.7.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects JobScout: from n/a through <= 1.1.7.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-13T11:41:55.950Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32334", "state": "PUBLISHED", "dateUpdated": "2026-03-13T18:53:29.856Z", "dateReserved": "2026-03-12T11:10:25.226Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-13T11:41:55.950Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobScout: from n/a through <= 1.1.7."}, {"lang": "es", "value": "Vulnerabilidad por falta de autorizaci\u00f3n en raratheme JobScout jobscout permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a JobScout: desde n/a hasta &lt;= 1.1.7."}], "id": "CVE-2026-32334", "lastModified": "2026-04-22T21:30:26.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:54:43.893", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/jobscout/vulnerability/wordpress-jobscout-theme-1-1-7-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.1.7]"}}], "enrichment": {"confidence": 97.0, "confidence_source": "matching", "scores": [{"score": 97.0, "source": "matching"}]}, "original": {"product": "JobScout", "source": "cna", "vendor": "raratheme"}, "product": "jobscout", "vendor": "rarathemes"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-19T15:03:17.154953+00:00", "value": {"mitigation_remediation": ["Upgrade the JobScout theme to a version that contains the fix (ideally 1.1.8 or later).", "Verify the installed theme version through the WordPress administration panel or by checking the plugin\u2019s changelog.", "If an immediate upgrade is not possible, temporarily disable the JobScout theme or restrict user roles that can access job management functions.", "Monitor site logs for unusual job creation, editing, or deletion activity."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Access"}, "threat_synthesis": {"affected_systems": "WordPress sites that deploy the raratheme:JobScout theme with a version of 1.1.7 or earlier are vulnerable. This includes all installations of the JobScout theme dated from the earliest releases up to and including 1.1.7.", "description_and_impact": "The vulnerability is a broken access control flaw in the WordPress JobScout theme, which results from missing authorization checks. An attacker who can access the theme\u2019s functionality may be able to perform actions that the user has not been intended to perform, such as creating, editing, or deleting job postings and viewing sensitive data. The weakness corresponds to CWE-862, which identifies the failure to enforce required authorizations.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity, and the EPSS score of less than 1\u202f% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, and no widespread exploits are publicly documented. The likely attack vector is through the WordPress web interface where the theme\u2019s panels are accessible; an attacker would need to reach the pages that invoke the compromised functions, which could be possible even without additional authentication if the site is misconfigured."}}}}, "created": "2026-03-16T09:37:34.607994+00:00", "updated": "2026-03-23T09:59:20.526826+00:00", "vendors": ["rarathemes", "rarathemes$PRODUCT$jobscout", "wordpress", "wordpress$PRODUCT$wordpress"]}