Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wpjobportal — Vulnerabilities & Security Advisories 30

Browse all 30 CVE security advisories affecting wpjobportal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

wpjobportal is a WordPress plugin designed to facilitate job board creation, allowing administrators to manage job listings, applications, and user roles. With thirty recorded Common Vulnerabilities and Exposures (CVEs), it has historically suffered from severe security flaws, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection. These vulnerabilities often stem from insufficient input validation and improper access controls, enabling attackers to escalate privileges or execute arbitrary code on affected servers. Notable incidents involve unauthenticated access to sensitive administrative functions, compromising site integrity and user data. The high volume of CVEs indicates persistent issues in code quality and security auditing. Organizations relying on this software face significant risks, necessitating immediate updates or alternative solutions to mitigate potential exploitation and ensure the protection of sensitive job market data and user information.

Top products by wpjobportal: WP Job Portal – AI-Powered Recruitment System for Company or Job Board website WP Job Portal
CVE IDTitleCVSSSeverityPublished
CVE-2026-4758 WP Job Portal <= 2.4.9 - Authenticated (Subscriber+) Arbitrary File Deletion via Resume Custom File Field — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-22 8.8 High2026-03-25
CVE-2026-4306 WP Job Portal <= 2.4.8 - Unauthenticated SQL Injection via 'radius' Parameter — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-89 7.5 High2026-03-23
CVE-2026-24941 WordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerability — WP Job PortalCWE-862 7.5 High2026-02-20
CVE-2026-24379 WordPress WP Job Portal plugin <= 2.4.3 - Insecure Direct Object References (IDOR) vulnerability — WP Job PortalCWE-639 4.3 Medium2026-01-22
CVE-2025-14467 WP Job Portal <= 2.4.4 - Authenticated (Editor+) Stored Cross-Site Scripting via Job Description Field — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-79 4.4 Medium2025-12-12
CVE-2025-14293 WP Job Portal <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-22 6.5 Medium2025-12-11
CVE-2025-48274 WordPress WP Job Portal plugin <= 2.3.2 - SQL Injection Vulnerability — WP Job PortalCWE-89 9.3 Critical2025-06-17
CVE-2025-47438 WordPress WP Job Portal plugin <= 2.3.1 - Local File Inclusion vulnerability — WP Job PortalCWE-98 8.1 High2025-05-23
CVE-2025-48273 WordPress WP Job Portal plugin <= 2.3.2 - Arbitrary File Download Vulnerability — WP Job PortalCWE-22 7.5 High2025-05-23
CVE-2025-48272 WordPress WP Job Portal plugin <= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability — WP Job PortalCWE-862 5.3 Medium2025-05-19
CVE-2025-26935 WordPress WP Job Portal plugin <= 2.2.8 - Local File Inclusion vulnerability — WP Job PortalCWE-35 7.5 High2025-02-25
CVE-2024-13873 WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-639 4.3 Medium2025-02-22
CVE-2024-13372 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Arbitrary Resume Download — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-639 5.3 Medium2025-02-01
CVE-2024-13371 WP Job Portal <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-862 5.3 Medium2025-02-01
CVE-2024-13425 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-639 4.3 Medium2025-02-01
CVE-2024-13428 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-639 5.3 Medium2025-02-01
CVE-2024-13429 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-639 4.3 Medium2025-02-01
CVE-2024-12131 WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5- Authenticated (Subscriber+) Insecure Direct Object Reference — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-639 4.3 Medium2025-01-07
CVE-2024-12132 WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-639 4.3 Medium2025-01-03
CVE-2024-11712 WP Job Portal <= 2.2.2 - Missing Authorization to Unauthenticated Arbitrary Resume Download — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-359 5.3 Medium2024-12-14
CVE-2024-11711 WP Job Portal <= 2.2.1 - Unauthenticated SQL Injection — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-89 7.5 High2024-12-14
CVE-2024-11710 WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-89 4.9 Medium2024-12-14
CVE-2024-11714 WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox() — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-89 4.9 Medium2024-12-14
CVE-2024-11715 WP Job Portal <= 2.2.2 - Missing Authorization to Limited Privilege Escalation — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-862 4.8 Medium2024-12-14
CVE-2024-11713 WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via wpjobportal_deactivate() — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-89 4.9 Medium2024-12-14
CVE-2024-52389 WordPress WP Job Portal plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability — WP Job PortalCWE-79 6.5 Medium2024-11-18
CVE-2024-7950 WP Job Portal <= 2.1.6 - Missing Authorization to Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-22 9.8 Critical2024-09-04
CVE-2024-43266 WordPress WP Job Portal plugin <= 2.1.8 - Insecure Direct Object References (IDOR) vulnerability — WP Job PortalCWE-639 5.4 Medium2024-08-18
CVE-2024-35759 WordPress WP Job Portal plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability — WP Job PortalCWE-79 5.9 Medium2024-06-21
CVE-2024-35760 WordPress WP Job Portal plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability — WP Job PortalCWE-79 5.9 Medium2024-06-21

This page lists every published CVE security advisory associated with wpjobportal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.