CVE-2026-27049
Received Received - Intake
Authentication Bypass in Jobica Core ≀ 1.4.2 via Alternate Path

Publication date: 2026-03-25

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse.This issue affects Jobica Core: from n/a through <= 1.4.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27049
EUVD
EUVD-2026-15767
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nootheme jobica_core to 1.4.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows unauthenticated attackers to gain administrative access to affected websites by exploiting broken authentication mechanisms.

Such unauthorized access can lead to data breaches or unauthorized data manipulation, which may result in non-compliance with common standards and regulations like GDPR and HIPAA that require strict access controls and protection of sensitive data.

Therefore, failure to mitigate this vulnerability could compromise compliance with these regulations due to potential exposure or misuse of personal or protected health information.

Executive Summary

CVE-2026-27049 is a high-severity authentication bypass vulnerability in the WordPress Jobica Core Plugin versions up to and including 1.4.2. It allows unauthenticated attackers to bypass normal authentication mechanisms by using an alternate path or channel, enabling them to perform actions that are normally restricted to higher-privileged users.

This vulnerability falls under the OWASP Top 10 category A7: Identification and Authentication Failures, meaning it exploits weaknesses in the authentication process to gain unauthorized access.

Impact Analysis

This vulnerability can have critical impacts as it allows attackers to gain administrative access to affected WordPress websites without proper authentication.

  • Attackers can take over accounts and perform administrative actions.
  • It can lead to unauthorized changes, data theft, or site defacement.
  • Because of its high CVSS score of 9.8, it is likely to be exploited in mass campaigns targeting many websites.

Immediate mitigation or patching is strongly advised to prevent exploitation.

Mitigation Strategies

The WordPress Jobica Core Plugin versions up to and including 1.4.2 are affected by a critical authentication bypass vulnerability.

No official patch has been released as of March 16, 2026.

Patchstack has issued a mitigation rule that can block attacks exploiting this flaw until an official patch becomes available.

Immediate mitigation or resolution is strongly advised to protect affected sites.

Users unable to update the plugin themselves are recommended to seek assistance from their hosting provider or web developer.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27049. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart