CVE-2026-12396
Received Received - Intake

Authenticated Job Moderation in WP Job Portal Plugin

Vulnerability report for CVE-2026-12396, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: WPScan

Description

The WP Job Portal WordPress plugin before 2.5.5 does not perform capability or ownership checks before allowing job moderation actions, allowing authenticated users with a subscriber-level (self-registerable) account to approve, feature, or reject arbitrary jobs, including those owned by other users.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wp_job_portal wp_job_portal to 2.5.5 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the WP Job Portal plugin to version 2.5.5 or later, where the issue has been fixed.

Until the update can be applied, restrict subscriber-level users from performing job moderation actions by adjusting user roles or permissions if possible.

Monitoring and logging job moderation actions to detect unauthorized changes can also help mitigate impact.

Consider temporarily disabling job moderation features for subscriber-level users if feasible.

Compliance Impact

The vulnerability allows authenticated subscriber-level users to perform unauthorized job moderation actions, such as approving, featuring, or rejecting jobs owned by other users, due to lack of proper capability or ownership checks.

This unauthorized access and modification capability can lead to broken access control, which may result in improper handling or exposure of user data or job information.

Such broken access control issues can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over data access and modification to protect user privacy and data integrity.

Executive Summary

The vulnerability CVE-2026-12396 affects the WP Job Portal WordPress plugin versions prior to 2.5.5. It allows authenticated users with a subscriber-level account, including self-registered users, to perform unauthorized job moderation actions such as approving, featuring, or rejecting jobs, even if they do not own those jobs.

This happens because the plugin does not perform proper capability or ownership checks before allowing these actions. An attacker can exploit this by obtaining a job nonce as an Employer role user and then sending crafted requests to change the status of arbitrary jobs.

For example, they can approve queued jobs, grant featured status to jobs for free, or reject live jobs belonging to other users, effectively bypassing admin moderation controls.

Impact Analysis

This vulnerability can impact you by allowing unauthorized users to manipulate job listings on your site. They can approve jobs that should be pending, feature jobs without permission, or reject legitimate jobs posted by other users.

Such unauthorized actions can lead to loss of control over the content displayed, potential reputational damage, and disruption of normal business operations related to job postings.

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized job moderation actions performed by subscriber-level accounts, such as approving, featuring, or rejecting jobs they do not own.

One way to detect exploitation attempts is to look for HTTP 302 responses from the affected job moderation handlers, which indicate that crafted requests are being processed.

Network or web server logs can be searched for unusual POST requests to job moderation endpoints originating from subscriber-level users.

Specific commands depend on your environment, but examples include using grep or similar tools to search web server logs for relevant requests. For example:

  • grep -i 'POST' /var/log/apache2/access.log | grep 'job_moderation_endpoint'
  • grep -i '302' /var/log/apache2/access.log | grep 'job_moderation_endpoint'

Additionally, reviewing user activity logs for subscriber accounts performing job moderation actions can help identify exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12396. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart