Lucene search
K

61 matches found

Vulnrichment
Vulnrichment
added 2026/06/02 10:43 a.m.10 views

CVE-2026-42685 WordPress WP Job Portal plugin <= 2.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

WordPress plugin WP Job Portal SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.3CVSS5.8AI score0.00299EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.4 views

CVE-2026-4306

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS5.9AI score0.00409EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 12:30 a.m.4 views

EUVD-2026-16052

The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possible for authenticated attackers, with Subscriber-lev...

8.8CVSS6.6AI score0.0078EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/20 3:47 p.m.21 views

CVE-2026-24941 WordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through = 2.4.4...

7.5CVSS0.00248EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/03 9:55 a.m.6 views

WordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WP Job Portal versions = 2.4.4...

7.5CVSS5.3AI score0.00248EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/03 9:18 a.m.6 views

WordPress WP Job Portal plugin <= 2.2.2 - Missing Authorization to Limited Privilege Escalation vulnerability

Missing Authorization to Limited Privilege Escalation vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions = 2.2.2...

9.8CVSS5.4AI score0.0045EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/16 7:14 a.m.4 views

WordPress Client Portal plugin <= 1.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Client Portal versions = 1.2.1...

4.3CVSS5.4AI score0.00185EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.5 views

WordPress plugin WP Job Portal 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

4.4CVSS5.6AI score0.00203EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/12/11 8:22 p.m.3 views

CVE-2025-14293 WP Job Portal <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read

The WP Job Portal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.4.0 via the 'downloadCustomUploadedFile' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary file...

6.5CVSS5.5AI score0.00307EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.7 views

PT-2025-50726

The WP Job Portal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.4.0 via the 'downloadCustomUploadedFile' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary file...

6.5CVSS5.9AI score0.00307EPSS
Exploits0References3
NVD
NVD
added 2025/11/21 8:15 a.m.6 views

CVE-2025-11985

The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rpsavepropertysettings' function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with...

8.8CVSS0.00332EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-1265

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.0078EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-51596

Malicious code in bioql PyPI...

4.3CVSS9.2AI score0.00342EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1266

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00542EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 6:57 a.m.17 views

CVE-2024-11713

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'pageid' parameter of the wpjobportaldeactivate function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied...

4.9CVSS7.3AI score0.00451EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:43 a.m.12 views

CVE-2023-30524

Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them...

4.3CVSS6.7AI score0.00431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:43 a.m.10 views

CVE-2023-30525

A cross-site request forgery CSRF vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication...

8.8CVSS6.8AI score0.0078EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:42 a.m.8 views

CVE-2023-30523

Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS6.7AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:11 a.m.9 views

CVE-2023-30526

A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication...

6.5CVSS6.6AI score0.00542EPSS
Exploits0References1
Rows per page
Query Builder