Skip to main content

Wp Job Portal

22 CVEs product

Monthly

CVE-2026-12397 MEDIUM POC PATCH This Month

The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email for a given job, allowing authenticated users with a subscriber-level (self-registerable) account to read other employers' private account email addresses by enumerating job identifiers.

WordPress Information Disclosure Wp Job Portal
NVD WPScan VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-12396 MEDIUM POC PATCH This Month

Missing authorization in WP Job Portal WordPress plugin before 2.5.5 allows any self-registered subscriber to approve, feature, or reject arbitrary job listings owned by other users, bypassing both capability and ownership checks entirely. The subscriber role is self-registerable on most WordPress sites, meaning an unauthenticated attacker can trivially obtain the access level needed to exploit this flaw with no admin interaction required. A publicly available proof-of-concept exists; no CISA KEV listing indicates confirmed mass exploitation at time of analysis.

Information Disclosure WordPress Wp Job Portal
NVD WPScan VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-48880 MEDIUM This Month

Stored Cross-Site Scripting in WP Job Portal WordPress plugin versions up to and including 2.5.2 allows authenticated Subscriber-level users to inject persistent malicious JavaScript payloads that execute in other users' browsers, including administrators. The CVSS S:C scope change confirms the injected script crosses the security boundary into victims' browser sessions, enabling session hijacking or unauthorized administrative actions. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low privilege requirement makes this realistic on open-registration WordPress job-board deployments.

XSS Wp Job Portal
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-42685 HIGH This Week

Reflected cross-site scripting in the WP Job Portal WordPress plugin (versions up to and including 2.5.1) allows remote attackers to inject arbitrary JavaScript that executes in a victim's browser after they click a crafted link. The flaw has CVSS 7.1 elevated by scope change (S:C), meaning script execution can impact resources beyond the vulnerable component, such as the WordPress admin session. No public exploit identified at time of analysis and no CISA KEV listing.

XSS Wp Job Portal
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-42684 CRITICAL Act Now

Blind SQL injection in the WP Job Portal WordPress plugin (versions up to and including 2.5.1) allows remote unauthenticated attackers to manipulate backend database queries by sending crafted input to vulnerable parameters. The flaw carries a CVSS 9.3 rating due to network-reachable, no-privileges, no-user-interaction exploitation with scope change, and no public exploit code has been identified at time of analysis. The vulnerability was reported through Patchstack's WordPress security program, with no CISA KEV listing.

SQLi Wp Job Portal
NVD VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2024-13873 MEDIUM PATCH This Month

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Wp Job Portal
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-13429 MEDIUM PATCH Monitor

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Wp Job Portal
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13428 MEDIUM PATCH This Month

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Wp Job Portal
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-13425 MEDIUM PATCH Monitor

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Wp Job Portal
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13372 MEDIUM PATCH This Month

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Wp Job Portal
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-13371 MEDIUM PATCH This Month

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Job Portal
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-12131 MEDIUM Monitor

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp Job Portal
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-12132 MEDIUM PATCH Monitor

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Wp Job Portal
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2024-11715 CRITICAL PATCH Act Now

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Job Portal
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-11714 MEDIUM PATCH This Month

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox(). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wp Job Portal
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-11713 MEDIUM PATCH This Month

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'page_id' parameter of the wpjobportal_deactivate(). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wp Job Portal
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-11712 MEDIUM PATCH This Month

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Wp Job Portal
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-11711 HIGH PATCH This Week

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress Wp Job Portal
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-11710 MEDIUM PATCH This Month

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'fieldfor', 'visibleParent' and 'id' parameters in all. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wp Job Portal
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-7950 CRITICAL PATCH Act Now

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP WordPress RCE Information Disclosure +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41786 MEDIUM This Month

Missing Authorization vulnerability in WP Job Portal WP Job Portal - A Complete Job Board.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Job Portal
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-4490 CRITICAL POC Act Now

The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Job Portal
NVD WPScan
CVSS 3.1
9.8
EPSS
3.1%
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email for a given job, allowing authenticated users with a subscriber-level (self-registerable) account to read other employers' private account email addresses by enumerating job identifiers.

WordPress Information Disclosure Wp Job Portal
NVD WPScan VulDB
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Missing authorization in WP Job Portal WordPress plugin before 2.5.5 allows any self-registered subscriber to approve, feature, or reject arbitrary job listings owned by other users, bypassing both capability and ownership checks entirely. The subscriber role is self-registerable on most WordPress sites, meaning an unauthenticated attacker can trivially obtain the access level needed to exploit this flaw with no admin interaction required. A publicly available proof-of-concept exists; no CISA KEV listing indicates confirmed mass exploitation at time of analysis.

Information Disclosure WordPress Wp Job Portal
NVD WPScan VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Stored Cross-Site Scripting in WP Job Portal WordPress plugin versions up to and including 2.5.2 allows authenticated Subscriber-level users to inject persistent malicious JavaScript payloads that execute in other users' browsers, including administrators. The CVSS S:C scope change confirms the injected script crosses the security boundary into victims' browser sessions, enabling session hijacking or unauthorized administrative actions. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low privilege requirement makes this realistic on open-registration WordPress job-board deployments.

XSS Wp Job Portal
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the WP Job Portal WordPress plugin (versions up to and including 2.5.1) allows remote attackers to inject arbitrary JavaScript that executes in a victim's browser after they click a crafted link. The flaw has CVSS 7.1 elevated by scope change (S:C), meaning script execution can impact resources beyond the vulnerable component, such as the WordPress admin session. No public exploit identified at time of analysis and no CISA KEV listing.

XSS Wp Job Portal
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Blind SQL injection in the WP Job Portal WordPress plugin (versions up to and including 2.5.1) allows remote unauthenticated attackers to manipulate backend database queries by sending crafted input to vulnerable parameters. The flaw carries a CVSS 9.3 rating due to network-reachable, no-privileges, no-user-interaction exploitation with scope change, and no public exploit code has been identified at time of analysis. The vulnerability was reported through Patchstack's WordPress security program, with no CISA KEV listing.

SQLi Wp Job Portal
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Wp Job Portal
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Wp Job Portal
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Wp Job Portal
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Wp Job Portal
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Wp Job Portal
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Job Portal
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM Monitor

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp Job Portal
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH Monitor

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Wp Job Portal
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Job Portal
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox(). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wp Job Portal
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'page_id' parameter of the wpjobportal_deactivate(). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wp Job Portal
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Wp Job Portal
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress Wp Job Portal
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'fieldfor', 'visibleParent' and 'id' parameters in all. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wp Job Portal
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP WordPress +3
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Missing Authorization vulnerability in WP Job Portal WP Job Portal - A Complete Job Board.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Job Portal
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Job Portal
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy