WPJobBoard < 5.11.1 – Cross-Site Request Forgery | CVE 2025-30965 | Plugin Vulnerabilities

Description

The WPJobBoard plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 5.11.1. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affects Plugins

Fixed in 5.11.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/97d28ec3-a06a-4f8b-9926-f81166be324d

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Ananda Dhakal

Verified

No

WPVDB ID

677e3913-62ab-41f1-b70f-3390363e0dae

Timeline

Publicly Published

2025-04-09 (about 10 months ago)

Added

2025-04-16 (about 10 months ago)

Last Updated

2025-04-16 (about 10 months ago)

Other

Published

Title

Published

2023-03-31

Title

Health Check & Troubleshooting < 1.6.0 - CSRF

Published

2023-10-06

Title

GoodBarber < 1.0.24 - Settings Update via CSRF

Published

2025-09-05

Title

WN Flipbox Pro <= 2.1 - Cross-Site Request Forgery

Published

2018-05-28

Title

JS Job <= 1.0.6 - CSRF

Published

2024-11-01

Title

GMO Social Connection <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting