42 matches found
CVE-2026-57653
Contributor SQL Injection in WP Job Portal = 2.5.2 versions...
CVE-2026-57653
CVE-2026-57653 describes a SQL Injection vulnerability in the WordPress plugin WP Job Portal (versions
EUVD-2026-36855
Subscriber Cross Site Scripting XSS in WP Job Portal = 2.5.2 versions...
CVE-2026-42685
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...
CVE-2026-42684
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1...
CVE-2026-42685
The CVE-2026-42685 entry concerns the WordPress plugin WP Job Portal (versions up to 2.5.1). The issue is a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during page generation. Affected product: WP Job Portal. Root cause: insufficient input handlin...
CVE-2026-42685
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...
CVE-2026-42685 WordPress WP Job Portal plugin <= 2.5.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...
PT-2026-45735
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1...
CVE-2026-4758 WP Job Portal <= 2.4.9 - Authenticated (Subscriber+) Arbitrary File Deletion via Resume Custom File Field
The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possible for authenticated attackers, with Subscriber-lev...
PT-2026-28149
The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possible for authenticated attackers, with Subscriber-lev...
CVE-2026-24941
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through = 2.4.4...
CVE-2026-24941
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through = 2.4.4...
WordPress plugin WP Job Portal 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-21228
Name of the Vulnerable Software and Affected Versions WP Job Portal versions through 2.4.4 Description The WP Job Portal software contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access. The issue is a missing authorization check...
CVE-2026-24379
Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through = 2.4.3...
CVE-2026-24379
Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through = 2.4.3...
WordPress WP Job Portal plugin <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion vulnerability
Insecure Direct Object Reference to Authenticated Employer+ Arbitrary Job Deletion vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions = 2.2.6...
WordPress Wp Job Portal Arbitrary File Read Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An arbitrary file read vulnerability exists in WordPress Wp Job Portal, which stems from improper handling of the downloadCustomUploadedFile function, and can be exploited ...
CVE-2025-14293
CVE-2025-14293 : WP Job Portal for WordPress suffers an Authenticated Arbitrary File Read in all versions up to 2.4.0 via the downloadCustomUploadedFile function. Exploitation requires Subscriber+ level access . Impact is exposure of sensitive server files; the Wordfence vulnerability report list...