CVE-2025-30965: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability affects the WordPress WPJobBoard plugin in versions prior to 5.11.1. The vulnerability was discovered by Ananda Dhakal and publicly disclosed on April 9, 2025. The issue stems from missing or incorrect nonce validation on several functions within the plugin (WPScan, Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The issue is classified as CWE-352 (Cross-Site Request Forgery) and falls under the OWASP Top 10 category A2: Broken Authentication and Session Management (WPScan, Patchstack).

The vulnerability allows unauthenticated attackers to perform unauthorized actions by tricking site administrators into performing specific actions, such as clicking on malicious links. The impact is considered low severity but could potentially lead to unauthorized state-changing requests being executed on behalf of authenticated users (Patchstack).

The vulnerability has been fixed in WPJobBoard version 5.11.1. Users are advised to update to this version or later to remove the vulnerability. For Patchstack users, enabling auto-update for vulnerable plugins is recommended as an additional security measure (Patchstack).