Skip to main content

Wp Job Portal CVE-2024-11712

MEDIUM
Exposure of Private Personal Information to an Unauthorized Actor (CWE-359)
2024-12-14 security@wordfence.com
5.3
CVSS 3.1 · Vendor: wordfence
Share

Severity by source

Vendor (wordfence) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from Vendor (wordfence) · only source for this CVE.

CVSS VectorVendor: wordfence

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 14, 2024 - 07:15 cve.org
MEDIUM 5.3

DescriptionCVE.org

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to download other users resumes.

AnalysisAI

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-359. The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to download other users resumes. Affected products include: Wpjobportal Wp Job Portal.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-4490 CRITICAL POC
9.8 Sep 25

The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape a parameter before using it in a SQL statem

CVE-2024-11715 CRITICAL
9.8 Dec 14

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to

CVE-2024-7950 CRITICAL
9.8 Sep 04

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to

CVE-2026-12396 MEDIUM POC
5.4 Jul 13

Missing authorization in WP Job Portal WordPress plugin before 2.5.5 allows any self-registered subscriber to approve, f

CVE-2026-42684 CRITICAL
9.3 Jun 02

Blind SQL injection in the WP Job Portal WordPress plugin (versions up to and including 2.5.1) allows remote unauthentic

CVE-2026-12397 MEDIUM POC
4.3 Jul 13

The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email fo

CVE-2024-11711 HIGH
7.5 Dec 14

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to

CVE-2026-42685 HIGH
7.1 Jun 02

Reflected cross-site scripting in the WP Job Portal WordPress plugin (versions up to and including 2.5.1) allows remote

CVE-2026-48880 MEDIUM
6.5 Jun 15

Stored Cross-Site Scripting in WP Job Portal WordPress plugin versions up to and including 2.5.2 allows authenticated Su

CVE-2022-41786 MEDIUM
5.4 Jan 17

Missing Authorization vulnerability in WP Job Portal WP Job Portal - A Complete Job Board.0.1. Rated medium severity (CV

CVE-2024-11714 MEDIUM
4.9 Dec 14

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to

CVE-2024-11713 MEDIUM
4.9 Dec 14

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to

Share

CVE-2024-11712 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy