CVE-2024-55993: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in the PickPlugins Job Board Manager WordPress plugin, affecting versions up to 2.1.60. The vulnerability was discovered by security researcher Kévin Mosbahi (Mika) and was publicly disclosed on December 14, 2024. This security issue has been assigned CVE-2024-55993 and received a CVSS v3.1 base score of 5.3 (Medium) (Patchstack).

The vulnerability is classified as a Missing Authorization issue (CWE-862) and involves broken access control. The CVSS v3.1 vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, indicating that the vulnerability is network accessible, requires low attack complexity, and needs no privileges or user interaction to exploit (Patchstack).

The vulnerability allows for exploiting incorrectly configured access control security levels. While classified as low severity, it could potentially enable unprivileged users to execute certain higher privileged actions (Patchstack).

As of the disclosure date, no official fix has been made available for this vulnerability. The issue affects versions up to 2.1.60 of the Job Board Manager plugin (Patchstack).