CVE-2025-31867: 
WordPress vulnerability analysis and mitigation

An Authorization Bypass Through User-Controlled Key vulnerability was discovered in JoomSky JS Job Manager plugin versions through 2.0.2. The vulnerability was disclosed on April 1, 2025, and is tracked as CVE-2025-31867. The vulnerability affects the access control security levels in the JS Job Manager WordPress plugin (Patchstack).

The vulnerability is classified as an Insecure Direct Object References (IDOR) issue, categorized under CWE-639 (Authorization Bypass Through User-Controlled Key). It received a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L, indicating network accessibility with low attack complexity and requiring low privileges (Patchstack).

The vulnerability could allow malicious actors to bypass authorization and authentication mechanisms, potentially leading to unauthorized access to sensitive files, folders, or database interactions. The impact is considered to have low severity but could affect the integrity and availability of the system (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects versions up to and including 2.0.2, and no patched version has been released yet (Patchstack).