CVE-2026-24379
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.3.
AnalysisAI
WP Job Portal has an authorization bypass through user-controlled keys allowing attackers to access other users' job applications and employer data.
Technical ContextAI
The WP Job Portal plugin has a CWE-639 authorization bypass through user-controlled key vulnerability, commonly known as Insecure Direct Object Reference (IDOR), allowing attackers to access other users' data by manipulating identifiers.
Affected ProductsAI
wpjobportal WP Job Portal WordPress plugin
RemediationAI
Update the plugin. Implement proper object-level authorization checks.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today