CVE-2026-49057
Deferred Deferred - Pending Action

Unauthenticated Broken Access Control in JobSearch

Vulnerability report for CVE-2026-49057, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description

Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-07-08
AI Q&A
2026-06-17
EPSS Evaluated
2026-07-06
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
jobsearch jobsearch to 3.2.7 (inc)
patchstack jobsearch to 3.2.7 (inc)
patchstack jobsearch 3.2.8

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability allows unauthenticated attackers to perform privileged actions due to missing authorization checks, which constitutes a Broken Access Control issue.

Such unauthorized access can lead to exposure or manipulation of sensitive data, potentially violating data protection requirements under regulations like GDPR and HIPAA.

Therefore, if exploited, this vulnerability could negatively impact compliance with common standards and regulations that mandate strict access controls and protection of personal or sensitive information.

Executive Summary

CVE-2026-49057 is a high-priority Broken Access Control vulnerability found in the WordPress JobSearch Plugin versions 3.2.7 and below.

This flaw allows unauthenticated attackers to perform privileged actions because the plugin lacks proper authorization checks.

It is classified under the OWASP Top 10 A1 category, indicating it is a critical security issue related to access control.

Impact Analysis

This vulnerability can have a significant impact as it allows attackers without any authentication to perform privileged actions on affected websites.

Because of missing authorization checks, attackers can exploit this flaw to potentially manipulate or access sensitive data or functionality.

The vulnerability is considered high risk with a CVSS score of 7.5 and can be exploited in mass campaigns targeting thousands of websites using the vulnerable plugin.

Users are strongly advised to update to version 3.2.8 or apply mitigation rules to block attacks until the update is applied.

Mitigation Strategies

The vulnerability affects WordPress JobSearch Plugin versions 3.2.7 and below and allows unauthenticated attackers to perform privileged actions due to missing authorization checks.

Immediate mitigation steps include updating the plugin to version 3.2.8, which contains the patch for this issue.

Until the update can be applied, users are advised to use mitigation rules provided by Patchstack to block attacks targeting this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49057. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart