Civi Job Board and Freelance Marketplace WordPress Theme Sensitive Information Exposure Vulnerability
Vulnerability
A sensitive information exposure vulnerability exists in the Civi - Job Board & Freelance Marketplace WordPress Theme, affecting all versions through 2.1.4. The issue arises from hard-coded credentials, which let unauthenticated attackers access sensitive data, including LinkedIn client and secret keys.
Impact
Exploitation of this vulnerability allows unauthenticated attackers to access sensitive information, specifically LinkedIn client and secret keys.
Remediation
There is no known patch available for this vulnerability. It is recommended to review the vulnerability details thoroughly and consider mitigations based on your organization's risk tolerance. Uninstalling the affected theme and finding a replacement may be the best course of action.
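To decide whether a site is in scope, the installed theme version can be read from each theme's `style.css` header and compared with 2.1.4. The following is an added example, not code from the theme or from this advisory's author; it assumes the theme's folder or `Theme Name` header contains "civi", and the sample tree it builds is constructed.

```python
import re
import tempfile
from pathlib import Path

AFFECTED_THROUGH = (2, 1, 4)  # advisory: all versions through 2.1.4
THEME_MARKER = "civi"         # assumption: folder or Theme Name contains this
HEADER_RE = re.compile(r"^[ \t/*#@]*(Theme Name|Version|Template):[ \t]*(.*)$", re.M | re.I)

def read_headers(style_css):
    text = style_css.read_text(encoding="utf-8", errors="replace")[:8192]
    return {k.lower(): v.strip() for k, v in HEADER_RE.findall(text)}

def version_tuple(version):
    nums = [int(n) for n in re.findall(r"\d+", version)]
    while nums and nums[-1] == 0:  # so 2.1.4.0 compares equal to 2.1.4
        nums.pop()
    return tuple(nums)

def find_civi_themes(themes_dir):
    """Return (folder, version, status) for each theme that needs attention."""
    findings = []
    for style in sorted(Path(themes_dir).glob("*/style.css")):
        h = read_headers(style)
        folder, parent = style.parent.name, h.get("template", "")
        if parent:  # child theme: its own Version says nothing about the parent
            if THEME_MARKER in parent.lower():
                findings.append((folder, h.get("version", ""), "child-of-civi"))
            continue
        if THEME_MARKER not in (folder + " " + h.get("theme name", "")).lower():
            continue
        ver = version_tuple(h.get("version", ""))
        # "review": newer than 2.1.4, but the advisory names no fixed release
        status = ("version-unknown" if not ver
                  else "affected" if ver <= AFFECTED_THROUGH else "review")
        findings.append((folder, h.get("version", ""), status))
    return findings

def demo():
    root = Path(tempfile.mkdtemp())  # constructed sample tree, not real theme files
    samples = {"civi": "/*\nTheme Name: Civi\nVersion: 2.1.4\n*/",
               "civi-child": "/*\nTheme Name: Civi Child\nTemplate: civi\nVersion: 1.0.0\n*/",
               "twentytwentyfour": "/*\nTheme Name: Twenty Twenty-Four\nVersion: 1.2\n*/"}
    for folder, css in samples.items():
        (root / folder).mkdir()
        (root / folder / "style.css").write_text(css, encoding="utf-8")
    return find_civi_themes(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real site, call `find_civi_themes` with the path to `wp-content/themes`; a `child-of-civi` row means the parent theme must stay installed for that child theme to work, so replacing the parent affects it too.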
