CVE-2026-49057
Status: Deferred - Pending Action
Unauthenticated Broken Access Control in JobSearch

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Unauthenticated Broken Access Control in the JobSearch WordPress plugin, versions <= 3.2.7.
CVSS Score: 7.5 (High)
EPSS Score: not yet evaluated
Affected Vendors & Products (3 associated CPEs)
Vendor       Product     Version / Range     Status
jobsearch    jobsearch   <= 3.2.7            affected
patchstack   jobsearch   <= 3.2.7            affected
patchstack   jobsearch   3.2.8               patched release
CWE
CWE-862 (Missing Authorization): The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

CVE-2026-49057 is a Broken Access Control vulnerability in the JobSearch WordPress plugin, affecting versions 3.2.7 and earlier.

The plugin exposes privileged functionality without verifying that the caller is authenticated and authorized to use it (CWE-862, Missing Authorization), so an attacker with no account on the site can invoke that functionality directly.

The issue falls under OWASP Top 10 category A01:2021, Broken Access Control.

Impact Analysis

No credentials are needed, so any publicly reachable site running a vulnerable version can be attacked directly. The advisory does not state which actions are exposed, only that they are privileged; depending on what the missing check was meant to guard, an attacker may read or modify data or trigger functionality that should require an authenticated, authorized user.

The vulnerability carries a CVSS score of 7.5 (High). Because exploitation requires no authentication, flaws of this class are routinely exploited in automated campaigns that scan for and hit every site running the vulnerable plugin.

Update to version 3.2.8, or apply mitigation rules that block the attack traffic until the update can be installed.

Mitigation Strategies

Affected: JobSearch WordPress plugin versions 3.2.7 and earlier. Fixed: version 3.2.8.

Update the plugin to version 3.2.8, which contains the fix. Confirm the installed version on the wp-admin Plugins screen rather than assuming automatic updates have run.

If the update cannot be applied immediately, enable the mitigation (virtual patching) rules that Patchstack provides for this vulnerability to block requests targeting it. As a last resort, deactivating the plugin removes its request handlers until the update can be installed.
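The advisory does not say which JobSearch endpoint lacked the check, so the following is an added illustration of the weakness class (CWE-862) in WordPress's AJAX handler pattern, placed here to show what the missing check and its fix typically look like. It is not JobSearch's code and not Patchstack's patch: the `example_` function names, the action names and the `example_job` post type are hypothetical, while the WordPress API calls used (`add_action`, `check_ajax_referer`, `is_user_logged_in`, `get_post`, `current_user_can`, `wp_delete_post`, `wp_send_json_error`, `wp_send_json_success`) are real.

```php
<?php
// Added illustration of CWE-862 (Missing Authorization) in a WordPress plugin.
// Hypothetical handler and action names; this is NOT JobSearch's code or its patch.

// --- Weak pattern: a privileged action reachable by anyone. ---
// wp_ajax_nopriv_* runs for visitors who are not logged in, and nothing here
// checks who is calling or whether they are allowed to delete the listing.
function example_delete_job_weak() {
    $job_id = isset( $_POST['job_id'] ) ? absint( $_POST['job_id'] ) : 0;
    if ( $job_id ) {
        wp_delete_post( $job_id, true ); // privileged side effect, no auth check
    }
    wp_send_json_success( array( 'deleted' => $job_id ) );
}
add_action( 'wp_ajax_example_delete_job_weak', 'example_delete_job_weak' );
add_action( 'wp_ajax_nopriv_example_delete_job_weak', 'example_delete_job_weak' );

// --- Hardened pattern: verify intent, then authentication, then authorization. ---
function example_delete_job_hardened() {
    // 1. CSRF: the request must carry a nonce minted for this exact action
    //    (wp_create_nonce( 'example_delete_job' ) on the page that sends it).
    //    check_ajax_referer() ends the request with HTTP 403 if it is missing or invalid.
    check_ajax_referer( 'example_delete_job', 'nonce' );

    // 2. Authentication: anonymous callers are rejected outright.
    //    wp_send_json_error() terminates the request, so no code below runs.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( array( 'message' => 'Authentication required.' ), 401 );
    }

    $job_id = isset( $_POST['job_id'] ) ? absint( $_POST['job_id'] ) : 0;
    $job    = $job_id ? get_post( $job_id ) : null;
    if ( ! $job || 'example_job' !== $job->post_type ) {
        wp_send_json_error( array( 'message' => 'Not found.' ), 404 );
    }

    // 3. Authorization: an object-level capability check, so a logged-in user
    //    can only delete listings they are actually allowed to delete.
    if ( ! current_user_can( 'delete_post', $job_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    wp_delete_post( $job_id, true );
    wp_send_json_success( array( 'deleted' => $job_id ) );
}
// Registered for logged-in users only; the wp_ajax_nopriv_ hook is deliberately absent.
add_action( 'wp_ajax_example_delete_job', 'example_delete_job_hardened' );
```

Two points the weak handler illustrates. First, the nonce check and the capability check are different controls: a nonce proves the request came from a page the site served (CSRF protection), not that the caller is allowed to perform the action, so both are needed. Second, dropping the `wp_ajax_nopriv_` registration alone is not a fix; without the `current_user_can()` check, any logged-in subscriber could still delete arbitrary listings. When reviewing a plugin for this class of bug, a quick triage is to list every `wp_ajax_nopriv_*` and `admin_post_nopriv_*` hook and every REST route registered with `'permission_callback' => '__return_true'`, and ask what each handler does with the request.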

Compliance Impact

The flaw is a Broken Access Control issue: privileged functionality is reachable without authentication or authorization.

If personal data handled by the site passes through the affected functionality, that data could be read or altered by an unauthorized party, which may constitute a reportable breach under regimes such as the GDPR and HIPAA.

Exploitation would therefore also undermine compliance with any standard that requires strict access controls over personal or sensitive information.
