CVE-2025-31834: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in themeglow JobBoard Job listing plugin affecting versions through 1.2.7. The vulnerability was reported by Tran Hoang Tuan Kiet on February 13, 2025, and was publicly disclosed on April 1, 2025. The issue has been assigned CVE-2025-31834 and received a CVSS v3.1 score of 5.3 (Medium) (Patchstack).

The vulnerability is classified as CWE-862 (Missing Authorization) and involves broken access control issues. The security flaw allows exploiting incorrectly configured access control security levels. The CVSS v3.1 vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, and requires no user interaction (NVD).

The vulnerability allows unprivileged users to execute certain higher privileged actions due to missing authorization, authentication, or nonce token checks. The impact is considered low severity but could potentially lead to unauthorized access to protected functionality (Patchstack).

As of April 8, 2025, no official fix is available for this vulnerability. The issue affects versions through 1.2.7 of the JobBoard Job listing plugin (Patchstack).