CVE-2026-42685 WordPress WP Job Portal plugin <= 2.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...

CVE-2026-4306

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

EUVD-2026-16052

The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possible for authenticated attackers, with Subscriber-lev...

CVE-2026-24941 WordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through = 2.4.4...

WordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WP Job Portal versions = 2.4.4...

WordPress WP Job Portal plugin <= 2.2.2 - Missing Authorization to Limited Privilege Escalation vulnerability

Missing Authorization to Limited Privilege Escalation vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions = 2.2.2...

WordPress Client Portal plugin <= 1.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Client Portal versions = 1.2.1...

WordPress plugin WP Job Portal 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-14293 WP Job Portal <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read

The WP Job Portal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.4.0 via the 'downloadCustomUploadedFile' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary file...

PT-2025-50726

The WP Job Portal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.4.0 via the 'downloadCustomUploadedFile' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary file...

CVE-2025-11985

The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rpsavepropertysettings' function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with...

EUVD-2024-51596

Malicious code in bioql PyPI...

EUVD-2023-1266

Malicious code in bioql PyPI...

EUVD-2023-1265

Malicious code in bioql PyPI...

CVE-2024-11713

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'pageid' parameter of the wpjobportaldeactivate function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied...

CVE-2023-30524

Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them...

CVE-2023-30525

A cross-site request forgery CSRF vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication...

CVE-2023-30523

Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2023-30526

A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication...

WordPress plugin WP Job Portal 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...