Scan free
MEDIUMCVE-2023-52212CVSS 5.4

CVE-2023-52212: CSRF in WP Job Manager WordPress Plugin

Platform

wordpress

Component

wp-job-manager

Fixed in

2.0.1

AI Confidence: highNVDEPSS 0.0%Reviewed: May 2026
View on NVD
Save

CVE-2023-52212 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the WP Job Manager plugin for WordPress. This vulnerability allows an attacker to potentially perform unauthorized actions on a user's account if they can trick the user into clicking a malicious link. The vulnerability impacts versions of WP Job Manager up to and including 2.0.0, and a patch is available in version 2.0.1.

WordPress

Detect this CVE in your project

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan free

Impact and Attack Scenarios

A successful CSRF attack could allow an attacker to modify job listings, user profiles, or other settings within the WP Job Manager plugin without the user's knowledge or consent. This could lead to data manipulation, unauthorized content creation, or even account takeover depending on the plugin's functionality and user permissions. The impact is amplified if the website is used for sensitive job applications or contains confidential information. While the CVSS score is medium, the ease of exploitation and potential for widespread impact on WordPress sites warrants immediate attention.

Exploitation Context

This vulnerability was publicly disclosed on 2026-01-05. There are currently no known public proof-of-concept exploits available, but the ease of CSRF exploitation means it could be quickly developed. It is not currently listed on the CISA KEV catalog. Active campaigns are not confirmed at this time.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureHigh

EPSS

0.05% (15% percentile)

CISA SSVC

Exploitationnone
Automatableno
Technical Impactpartial

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L5.4MEDIUMAttack VectorNetworkHow the attacker reaches the targetAttack ComplexityLowConditions required to exploitPrivileges RequiredNoneAuthentication level needed to attackUser InteractionRequiredWhether a victim must take actionScopeUnchangedImpact beyond the vulnerable componentConfidentialityNoneRisk of sensitive data exposureIntegrityLowRisk of unauthorized data modificationAvailabilityLowRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
Required — victim must take an action: open a file, click a link, or visit a crafted page.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
None — no confidentiality impact. Attacker cannot read protected data.
Integrity
Low — attacker can modify some data with limited scope or impact.
Availability
Low — partial or intermittent denial of service. Attacker can degrade performance.

Affected Software

Componentwp-job-manager
VendorAutomattic
Affected rangeFixed in
0.0.0 – 2.0.02.0.1

Package Information

Active installs
80KKnown
Plugin rating
4.4
Requires WordPress
6.4+
Compatible up to
6.9.4
Requires PHP
7.4+
Homepage

Weakness Classification (CWE)

CWE-352

Timeline

  1. Reserved
  2. Published
  3. EPSS updated

Mitigation and Workarounds

The primary mitigation is to upgrade the WP Job Manager plugin to version 2.0.1 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with CSRF protection rules to filter out malicious requests. Additionally, ensure that all user input is properly validated and sanitized to prevent unexpected behavior. Implementing the 'nonce' verification mechanism within the plugin's code can further strengthen defenses against CSRF attacks. After upgrading, confirm the fix by attempting to trigger a CSRF action and verifying that it is blocked.

How to fix

Update the WP Job Manager plugin to the latest available version. The CSRF vulnerability allows attackers to execute unauthorized actions on behalf of an authenticated user. The update fixes this vulnerability.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2023-52212 — CSRF in WP Job Manager?

CVE-2023-52212 is a Cross-Site Request Forgery (CSRF) vulnerability in the WP Job Manager WordPress plugin, allowing attackers to perform unauthorized actions.

Am I affected by CVE-2023-52212 in WP Job Manager?

You are affected if you are using WP Job Manager version 2.0.0 or earlier. Upgrade to 2.0.1 to mitigate the risk.

How do I fix CVE-2023-52212 in WP Job Manager?

Upgrade the WP Job Manager plugin to version 2.0.1 or later. Consider WAF rules as a temporary mitigation.

Is CVE-2023-52212 being actively exploited?

There are currently no confirmed reports of active exploitation, but the ease of CSRF exploitation means it could be quickly exploited.

Where can I find the official WP Job Manager advisory for CVE-2023-52212?

Refer to the WP Job Manager plugin's official website or WordPress.org plugin repository for the latest security advisories.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs