CVE-2023-23715

5.2 MEDIUM

📋 TL;DR

CVE-2023-23715 is a missing authorization vulnerability in the JobBoardWP WordPress plugin that allows attackers to delete job listings without proper authentication. It affects all WordPress sites running JobBoardWP plugin versions up to and including 1.2.2. The vulnerability stems from improper access control on the job deletion endpoint.

💻 Affected Systems

Products:
  • JobBoardWP – Job Board Listings and Submissions WordPress plugin
Versions: n/a through 1.2.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable JobBoardWP plugin versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could delete all job listings on the site, disrupting business operations and causing data loss for job board administrators and applicants.

🟠 Likely Case

Unauthorized users delete job postings, disrupting job board functionality and requiring manual restoration from backups.

🟢 If Mitigated

With proper authorization checks, only authenticated administrators can delete job listings, preventing unauthorized modifications.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is an IDOR (Insecure Direct Object Reference) that requires minimal technical skill to exploit via crafted HTTP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.3

Vendor Advisory: https://patchstack.com/database/wordpress/plugin/jobboardwp/vulnerability/wordpress-jobboardwp-job-board-listings-and-submissions-plugin-1-2-2-idor-leading-to-job-removal-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the JobBoardWP plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.2.3 or later from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

all

Disable the JobBoardWP plugin until patched to prevent exploitation

wp plugin deactivate jobboardwp

Web Application Firewall Rule

all

Block unauthorized DELETE requests to jobboardwp endpoints

# WAF rule to block: DELETE /wp-admin/admin-ajax.php?action=jb_delete_job

🧯 If You Can't Patch

  • Implement strict access controls at the web server level to restrict the DELETE method on jobboardwp endpoints
  • Enable comprehensive logging and monitoring for unauthorized job deletion attempts

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → JobBoardWP for the installed version. If the version is 1.2.2 or lower, the site is vulnerable.

Check Version:

wp plugin get jobboardwp --field=version

Verify Fix Applied:

Verify JobBoardWP plugin version is 1.2.3 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Multiple DELETE requests to /wp-admin/admin-ajax.php with action=jb_delete_job from unauthenticated users
  • Unexpected job deletions in JobBoardWP logs

Network Indicators:

  • HTTP DELETE requests to jobboardwp endpoints without authentication headers
  • Unusual traffic patterns to admin-ajax.php

SIEM Query:

source="web_server" AND (uri_path="/wp-admin/admin-ajax.php" AND method="DELETE" AND query_string="*action=jb_delete_job*")
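As an added example that is not part of this advisory, the following Python script applies the log indicators above to constructed access-log lines: it matches admin-ajax.php requests carrying the jb_delete_job action named on this page, regardless of HTTP method (admin-ajax.php actions are normally sent by POST, so a DELETE-only filter like the SIEM query above can miss them), and flags source addresses that issue several such requests. The combined log format, the sample addresses and the job_id parameter are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (assumed; adapt LINE_RE to your
# server's format). Addresses are documentation ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jan/2023:10:01:02 +0000] "DELETE /wp-admin/admin-ajax.php?action=jb_delete_job&job_id=101 HTTP/1.1" 200 27 "-" "curl/7.81.0"
203.0.113.7 - - [12/Jan/2023:10:01:03 +0000] "DELETE /wp-admin/admin-ajax.php?action=jb_delete_job&job_id=102 HTTP/1.1" 200 27 "-" "curl/7.81.0"
203.0.113.7 - - [12/Jan/2023:10:01:04 +0000] "DELETE /wp-admin/admin-ajax.php?action=jb_delete_job&job_id=103 HTTP/1.1" 200 27 "-" "curl/7.81.0"
198.51.100.4 - - [12/Jan/2023:10:05:00 +0000] "POST /wp-admin/admin-ajax.php?action=jb_delete_job&job_id=104 HTTP/1.1" 200 27 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Jan/2023:10:06:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 52 "-" "Mozilla/5.0"
192.0.2.33 - - [12/Jan/2023:10:07:00 +0000] "GET /jobs/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_job_delete(target):
    """True when the request target is admin-ajax.php with action=jb_delete_job (any method)."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return False
    return "jb_delete_job" in parse_qs(parts.query).get("action", [])

def find_job_deletions(log_text):
    """Return (ip, method, job_id, status) for every matching request, in log order."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_job_delete(m["target"]):
            continue
        qs = parse_qs(urlsplit(m["target"]).query)
        # job_id is an assumed parameter name; "?" marks requests that omit it
        hits.append((m["ip"], m["method"], qs.get("job_id", ["?"])[0], int(m["status"])))
    return hits

def flag_sources(hits, threshold=3):
    """Source IPs with at least `threshold` deletion requests: the 'multiple requests' indicator."""
    counts = Counter(ip for ip, *_ in hits)
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    hits = find_job_deletions(SAMPLE_LOG)
    for h in hits:
        print("job-delete request:", h)
    print("flagged sources:", flag_sources(hits))
```

Correlate the flagged requests with the plugin's own job records or a database audit trail to confirm which listings were actually removed.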
