CVE-2025-68855
Insertion of Sensitive Data in themeglow JobBoard
Publication date: 2026-02-20
Last updated on: 2026-02-25
Assigner: Patchstack
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| themeglow | job_board_light | to 1.2.8 (inc) |
| themeglow | jobboard_job_listing | to 1.2.8 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68855 is a medium priority Sensitive Data Exposure vulnerability in the WordPress JobBoard Job listing Plugin versions up to and including 1.2.8.
The vulnerability is classified under OWASP Top 10 A1: Broken Access Control and allows unauthenticated attackers to access sensitive information that is normally restricted to regular users.
This means that attackers can retrieve embedded sensitive data from the plugin without proper authorization.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to sensitive information within the JobBoard Job listing plugin.
Such exposure of sensitive data can be leveraged by attackers to exploit other weaknesses in the system, potentially leading to further security breaches.
Since the vulnerability allows unauthenticated access, it increases the risk of data compromise without requiring attacker credentials.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
This vulnerability affects the WordPress JobBoard Job listing Plugin versions up to and including 1.2.8 and allows unauthenticated attackers to access sensitive information.
As of January 27, 2026, no official patch or virtual patch is available for this issue.
Users are advised to mitigate or resolve the vulnerability immediately to prevent exploitation.
- Consider disabling or removing the vulnerable plugin (JobBoard Job listing Plugin version ≤ 1.2.8) until a patch is released.
- Restrict access to the plugin or related endpoints by implementing access controls or firewall rules to limit unauthenticated access.
- Monitor your system for any suspicious activity related to the plugin.