CVE-2025-30856: 
WordPress vulnerability analysis and mitigation

The Custom Field For WP Job Manager WordPress plugin contains a Cross-Site Request Forgery (CSRF) vulnerability affecting versions up to and including 1.4. The vulnerability was discovered by Nguyen Thi Huyen Trang (Skalucy) and was disclosed on March 27, 2025. This security issue impacts the theme funda Custom Field For WP Job Manager plugin functionality (NVD, Patchstack).

The vulnerability has been assigned CVE-2025-30856 and received a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The issue is classified as CWE-352: Cross-Site Request Forgery (CSRF) and requires no authentication to exploit, though it does require user interaction (NVD, Patchstack).

This vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The severity is considered low, with potential impacts limited to unauthorized actions being performed on behalf of authenticated users (Patchstack).

The vulnerability has been fixed in version 1.5 of the Custom Field For WP Job Manager plugin. Users are advised to update to version 1.5 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).