CVE-2025-68855 MEDIUM

CVE-2025-68855: WordPress JobBoard Job listing plugin <= 1.2.8 - Sensitive Data Exposure vulnerability

Vendor Themeglow
Product JobBoard Job listing
Weakness CWE-201
Published February 20, 2026
Last update April 29, 2026

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Insertion of Sensitive Information Into Sent Data vulnerability in themeglow JobBoard Job listing job-board-light allows Retrieve Embedded Sensitive Data.This issue affects JobBoard Job listing: from n/a through <= 1.2.8.

Explanation of Vulnerability in Simple Terms

02Summary

JobBoard Job Listing versions up to 1.2.8 contain an information disclosure vulnerability that allows attackers to read sensitive data without authentication. The vulnerability requires specific network conditions to exploit but does not require user interaction. No integrity or availability impact occurs. Update to a version newer than 1.2.8 to remediate.

What an attacker can do

03Attacker Capabilities

Read sensitive information from the site without logging in.

Potential impact on your site

04Site Impact

Sensitive data may be exposed to unauthenticated attackers, potentially including user information or configuration details.

Conditions required to exploit

05Prerequisites

Network access to the site; specific conditions must be met to trigger the vulnerability.

Key dates

06Disclosure timeline

February 20, 2026 CVE published
April 29, 2026 Record updated