What the vulnerability does
01 Description
Authorization Bypass Through User-Controlled Key vulnerability in eyecix JobSearch wp-jobsearch allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobSearch: from n/a through < 3.0.6.
Explanation of Vulnerability in Simple Terms
02 Summary
JobSearch versions 3.0.6 and earlier contain a denial-of-service vulnerability accessible to authenticated users. An attacker with low-level account access can trigger a condition that degrades site availability. The vulnerability requires network access and valid credentials but no user interaction. Administrators should update to a version newer than 3.0.6.
What an attacker can do
03 Attacker Capabilities
Degrade or disrupt site availability by triggering a denial-of-service condition.
Potential impact on your site
04 Site Impact
Authenticated users can cause temporary service disruption affecting site performance or availability.
Conditions required to exploit
05 Prerequisites
Attacker must have a valid low-privilege user account on the site.
Key dates
06 Disclosure timeline
June 20, 2025
CVE published
April 28, 2026
Record updated