Platform
wordpress
Component
wp-job-manager
Fixed in
2.0.1
CVE-2023-52212 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the WP Job Manager plugin for WordPress. This vulnerability allows an attacker to potentially perform unauthorized actions on a user's account if they can trick the user into clicking a malicious link. The vulnerability impacts versions of WP Job Manager up to and including 2.0.0, and a patch is available in version 2.0.1.
A successful CSRF attack could allow an attacker to modify job listings, user profiles, or other settings within the WP Job Manager plugin without the user's knowledge or consent. This could lead to data manipulation, unauthorized content creation, or even account takeover depending on the plugin's functionality and the victim's permissions. The impact is amplified if the website is used for sensitive job applications or contains confidential information. While the CVSS score is medium, the ease of exploitation and the potential for widespread impact on WordPress sites warrant immediate attention.
This vulnerability was publicly disclosed on 2026-01-05. There are currently no known public proof-of-concept exploits available, but because CSRF is easy to exploit, one could be developed quickly. It is not currently listed on the CISA KEV catalog. Active campaigns are not confirmed at this time.
Websites using the WP Job Manager plugin, particularly those with user accounts and job posting functionality, are at risk. Shared hosting environments where plugin updates are managed centrally are especially vulnerable if they haven't applied the update. Sites with legacy WordPress installations or those that haven't implemented robust security practices are also at increased risk.
• wordpress / composer / npm:
grep -r 'wp_job_manager' /var/www/html/wp-content/plugins/
wp plugin list | grep wp-job-manager
• generic web:
curl -I 'https://example.com/wp-admin/admin-ajax.php?action=wp_job_manager_some_action&nonce=malicious_nonce'
Disclosure
Exploit status
EPSS
0.05% (15th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade the WP Job Manager plugin to version 2.0.1 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with CSRF protection rules to filter out malicious requests. Additionally, ensure that all user input is properly validated and sanitized to prevent unexpected behavior. Implementing the 'nonce' verification mechanism within the plugin's code can further strengthen defenses against CSRF attacks. After upgrading, confirm the fix by attempting to trigger a CSRF action and verifying that it is blocked.
Update the WP Job Manager plugin to the latest available version. The CSRF vulnerability allows attackers to execute unauthorized actions on behalf of an authenticated user. The update fixes this vulnerability.
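The mitigation above recommends nonce verification in plugin code. The following is an added example written for this page, not WP Job Manager's own code: it shows a hypothetical state-changing handler (archiving a job listing) first without any request-origin check, then hardened with a WordPress nonce plus a capability check. The function names (jm_example_*), the nonce action strings ('jm_archive_listing_…') and the AJAX action name are all assumptions chosen for the example; wp_nonce_field, wp_verify_nonce, check_ajax_referer, current_user_can, wp_send_json_error and wp_update_post are standard WordPress core APIs.

```php
<?php
// Added example, not WP Job Manager's code. All jm_example_* names, the
// 'jm_archive_listing_*' nonce actions and the AJAX action name are assumed.

// --- Vulnerable pattern: acts on any POST that arrives. A form on a third-party
// site can submit job_id to this endpoint, and the victim's browser attaches the
// WordPress login cookie, so the action runs with the victim's session.
function jm_example_archive_listing_unsafe() {
    if ( isset( $_POST['job_id'] ) ) {
        wp_update_post( array( 'ID' => (int) $_POST['job_id'], 'post_status' => 'draft' ) );
    }
}

// --- Hardened pattern, step 1: render the form with a nonce tied to the user,
// the session and this specific listing. A page on another origin cannot read
// or predict this value, so a forged request will not carry a valid one.
function jm_example_render_archive_form( $job_id ) {
    $job_id = (int) $job_id;
    echo '<form method="post">';
    wp_nonce_field( 'jm_archive_listing_' . $job_id, 'jm_archive_nonce' );
    echo '<input type="hidden" name="job_id" value="' . esc_attr( $job_id ) . '">';
    submit_button( 'Archive listing' );
    echo '</form>';
}

// --- Step 2: verify the nonce AND the capability before changing anything.
// The nonce only proves the request originated from a page this site rendered
// for this user; current_user_can() proves the user may edit this listing.
function jm_example_archive_listing_safe() {
    if ( ! isset( $_POST['job_id'], $_POST['jm_archive_nonce'] ) ) {
        return; // not our form submission; do nothing
    }
    $job_id = (int) $_POST['job_id'];
    $nonce  = sanitize_text_field( wp_unslash( $_POST['jm_archive_nonce'] ) );

    if ( ! wp_verify_nonce( $nonce, 'jm_archive_listing_' . $job_id ) ) {
        wp_die( 'Invalid request (nonce check failed).', '', array( 'response' => 403 ) );
    }
    if ( ! current_user_can( 'edit_post', $job_id ) ) {
        wp_die( 'You are not allowed to modify this listing.', '', array( 'response' => 403 ) );
    }
    wp_update_post( array( 'ID' => $job_id, 'post_status' => 'draft' ) );
}

// --- Same protection for an admin-ajax.php handler. check_ajax_referer() ends
// the request with HTTP 403 when the 'nonce' parameter is missing or invalid.
// The client must have been handed wp_create_nonce( 'jm_archive_listing_ajax' )
// by a page this site rendered, e.g. via wp_localize_script().
add_action( 'wp_ajax_jm_example_archive_listing', function () {
    check_ajax_referer( 'jm_archive_listing_ajax', 'nonce' );
    $job_id = isset( $_POST['job_id'] ) ? (int) $_POST['job_id'] : 0;
    if ( ! $job_id || ! current_user_can( 'edit_post', $job_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    wp_update_post( array( 'ID' => $job_id, 'post_status' => 'draft' ) );
    wp_send_json_success();
} );
```

When reviewing a plugin after an advisory like this one, the check is mechanical: every hook that changes state (admin_post_*, wp_ajax_*, form handlers on init or template_redirect) must call wp_verify_nonce(), check_admin_referer() or check_ajax_referer() before the first write, and must pair it with a current_user_can() check, since a nonce alone does not authorize anything. The post-upgrade verification step mentioned in the mitigation, submitting the form without the nonce field or with a stale one, should now produce a 403 rather than a changed listing.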
CVE-2023-52212 is a Cross-Site Request Forgery (CSRF) vulnerability in the WP Job Manager WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if you are using WP Job Manager version 2.0.0 or earlier. Upgrade to 2.0.1 to mitigate the risk.
Upgrade the WP Job Manager plugin to version 2.0.1 or later. Consider WAF rules as a temporary mitigation.
There are currently no confirmed reports of active exploitation, but the ease of CSRF exploitation means it could be quickly exploited.
Refer to the WP Job Manager plugin's official website or WordPress.org plugin repository for the latest security advisories.