The themeglow JobBoard Job listing plugin (job-board-light) up to version 1.2.8 suffers from a missing authorization vulnerability (CVE-2025-31834). This vulnerability arises from incorrectly configured access control security levels, allowing unauthorized access to certain job listing functionalities. The CVSS 3.1 base score is 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), reflecting network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, and limited confidentiality impact. There are no known exploits in the wild and no patch or vendor advisory currently available. The vulnerability affects on-premises deployments of the plugin.

The vulnerability allows unauthorized users to access job listing features without proper authorization, potentially exposing limited confidential information. There is no impact on integrity or availability reported. The medium CVSS score reflects the confidentiality impact and ease of exploitation over the network without authentication.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or advisory is currently available, users should monitor themeglow's communications for updates. As a precaution, review and tighten access control configurations on the JobBoard plugin to limit unauthorized access until a fix is released.