Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
22 vulnerabilities found for WP Job Portal by wpjobportal
CVE-2026-24941 (GCVE-0-2026-24941)
Vulnerability from nvd – Published: 2026-02-20 15:47 – Updated: 2026-04-01 14:14
VLAI?
Title
WordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.4.
Severity ?
7.5 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.4.4
(custom)
|
Date Public ?
2026-04-01 16:04
Credits
benzdeus | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-24941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T19:03:32.109624Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T19:03:40.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.4.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "benzdeus | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:04:55.023Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.4.4.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through \u003c= 2.4.4."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:14:31.155Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-4-4-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.4.4 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-24941",
"datePublished": "2026-02-20T15:47:07.258Z",
"dateReserved": "2026-01-28T09:50:05.801Z",
"dateUpdated": "2026-04-01T14:14:31.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24379 (GCVE-0-2026-24379)
Vulnerability from nvd – Published: 2026-01-22 16:52 – Updated: 2026-04-01 14:14
VLAI?
Title
WordPress WP Job Portal plugin <= 2.4.3 - Insecure Direct Object References (IDOR) vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.3.
Severity ?
9.1 (Critical)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.4.3
(custom)
|
Date Public ?
2026-04-01 16:05
Credits
Nabil Irawan | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-24379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T16:47:18.323677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T18:54:05.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.4.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.4.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:05:18.253Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.4.3.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through \u003c= 2.4.3."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:14:09.921Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-4-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.4.3 - Insecure Direct Object References (IDOR) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-24379",
"datePublished": "2026-01-22T16:52:46.322Z",
"dateReserved": "2026-01-22T14:42:40.516Z",
"dateUpdated": "2026-04-01T14:14:09.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48274 (GCVE-0-2025-48274)
Vulnerability from nvd – Published: 2025-06-17 15:01 – Updated: 2026-04-01 15:54
VLAI?
Title
WordPress WP Job Portal plugin <= 2.3.2 - SQL Injection Vulnerability
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Blind SQL Injection.This issue affects WP Job Portal: from n/a through <= 2.3.2.
Severity ?
No CVSS data available.
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.3.2
(custom)
|
Date Public ?
2026-04-01 16:40
Credits
LVT-tholv2k | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T18:31:58.944313Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T18:37:55.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.3.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:40:49.612Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows Blind SQL Injection.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.3.2.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows Blind SQL Injection.This issue affects WP Job Portal: from n/a through \u003c= 2.3.2."
}
],
"impacts": [
{
"capecId": "CAPEC-7",
"descriptions": [
{
"lang": "en",
"value": "Blind SQL Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:54:30.071Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-2-3-2-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.3.2 - SQL Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-48274",
"datePublished": "2025-06-17T15:01:31.321Z",
"dateReserved": "2025-05-19T14:13:24.501Z",
"dateUpdated": "2026-04-01T15:54:30.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48273 (GCVE-0-2025-48273)
Vulnerability from nvd – Published: 2025-05-23 12:43 – Updated: 2026-04-01 15:54
VLAI?
Title
WordPress WP Job Portal plugin <= 2.3.2 - Arbitrary File Download Vulnerability
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Path Traversal.This issue affects WP Job Portal: from n/a through <= 2.3.2.
Severity ?
No CVSS data available.
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.3.2
(custom)
|
Date Public ?
2026-04-01 16:40
Credits
LVT-tholv2k | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T14:35:56.250192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T14:36:01.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.3.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:40:48.548Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows Path Traversal.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.3.2.\u003c/p\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows Path Traversal.This issue affects WP Job Portal: from n/a through \u003c= 2.3.2."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "Path Traversal"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:54:29.762Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-2-3-2-arbitrary-file-download-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.3.2 - Arbitrary File Download Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-48273",
"datePublished": "2025-05-23T12:43:16.413Z",
"dateReserved": "2025-05-19T14:13:24.501Z",
"dateUpdated": "2026-04-01T15:54:29.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47438 (GCVE-0-2025-47438)
Vulnerability from nvd – Published: 2025-05-23 12:43 – Updated: 2026-04-01 15:53
VLAI?
Title
WordPress WP Job Portal plugin <= 2.3.1 - Local File Inclusion vulnerability
Summary
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through <= 2.3.1.
Severity ?
No CVSS data available.
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.3.1
(custom)
|
Date Public ?
2026-04-01 16:39
Credits
Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47438",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T14:55:09.833093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T14:55:15.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.3.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:39:54.988Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.3.1.\u003c/p\u003e"
}
],
"value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through \u003c= 2.3.1."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "PHP Local File Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:53:10.130Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-3-1-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.3.1 - Local File Inclusion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-47438",
"datePublished": "2025-05-23T12:43:37.020Z",
"dateReserved": "2025-05-07T09:38:32.076Z",
"dateUpdated": "2026-04-01T15:53:10.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48272 (GCVE-0-2025-48272)
Vulnerability from nvd – Published: 2025-05-19 14:45 – Updated: 2026-04-01 15:54
VLAI?
Title
WordPress WP Job Portal plugin <= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability
Summary
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.3.2.
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.3.2
(custom)
|
Date Public ?
2026-04-01 16:40
Credits
LVT-tholv2k | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T15:07:39.448210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T15:17:00.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.3.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:40:48.347Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.3.2.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through \u003c= 2.3.2."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:54:29.425Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-2-3-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-48272",
"datePublished": "2025-05-19T14:45:25.486Z",
"dateReserved": "2025-05-19T14:13:24.501Z",
"dateUpdated": "2026-04-01T15:54:29.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26935 (GCVE-0-2025-26935)
Vulnerability from nvd – Published: 2025-02-25 14:17 – Updated: 2026-04-01 15:45
VLAI?
Title
WordPress WP Job Portal plugin <= 2.2.8 - Local File Inclusion vulnerability
Summary
Path Traversal: '.../...//' vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through <= 2.2.8.
Severity ?
No CVSS data available.
CWE
- CWE-35 - Path Traversal: '.../...//'
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.2.8
(custom)
|
Date Public ?
2026-04-01 16:35
Credits
Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T15:07:51.893068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T15:09:31.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.2.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.2.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:35:25.010Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path Traversal: \u0027.../...//\u0027 vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.2.8.\u003c/p\u003e"
}
],
"value": "Path Traversal: \u0027.../...//\u0027 vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through \u003c= 2.2.8."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "PHP Local File Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:45:47.921Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-2-8-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.2.8 - Local File Inclusion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-26935",
"datePublished": "2025-02-25T14:17:54.939Z",
"dateReserved": "2025-02-17T11:51:10.110Z",
"dateUpdated": "2026-04-01T15:45:47.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-52389 (GCVE-0-2024-52389)
Vulnerability from nvd – Published: 2024-11-18 21:29 – Updated: 2026-04-01 15:38
VLAI?
Title
WordPress WP Job Portal plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Stored XSS.This issue affects WP Job Portal: from n/a through <= 2.2.0.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.2.0
(custom)
|
Date Public ?
2026-04-01 16:29
Credits
casol | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T15:24:39.483515Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T15:24:54.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.2.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "casol | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:29:47.012Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows Stored XSS.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.2.0.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows Stored XSS.This issue affects WP Job Portal: from n/a through \u003c= 2.2.0."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:38:40.158Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.2.0 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-52389",
"datePublished": "2024-11-18T21:29:46.576Z",
"dateReserved": "2024-11-11T06:38:56.851Z",
"dateUpdated": "2026-04-01T15:38:40.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-43266 (GCVE-0-2024-43266)
Vulnerability from nvd – Published: 2024-08-18 21:34 – Updated: 2026-04-01 15:34
VLAI?
Title
WordPress WP Job Portal plugin <= 2.1.8 - Insecure Direct Object References (IDOR) vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal.This issue affects WP Job Portal: from n/a through <= 2.1.8.
Severity ?
No CVSS data available.
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.1.8
(custom)
|
Date Public ?
2026-04-01 16:27
Credits
LuxF0z | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43266",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T13:33:04.645298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T13:33:12.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.1.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LuxF0z | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:27:13.075Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.1.8.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal.This issue affects WP Job Portal: from n/a through \u003c= 2.1.8."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:34:47.389Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-a-complete-job-board-plugin-2-1-6-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.1.8 - Insecure Direct Object References (IDOR) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-43266",
"datePublished": "2024-08-18T21:34:59.503Z",
"dateReserved": "2024-08-09T09:20:48.471Z",
"dateUpdated": "2026-04-01T15:34:47.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35760 (GCVE-0-2024-35760)
Vulnerability from nvd – Published: 2024-06-21 12:40 – Updated: 2026-04-01 15:34
VLAI?
Title
WordPress WP Job Portal plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpjobportal WP Job Portal wp-job-portal allows DOM-Based XSS.This issue affects WP Job Portal: from n/a through <= 2.1.3.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.1.3
(custom)
|
Date Public ?
2026-04-01 16:26
Credits
LuxF0z | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T14:00:39.625387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T14:02:59.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:14:54.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-a-complete-job-board-plugin-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.1.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LuxF0z | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:26:09.459Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows DOM-Based XSS.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.1.3.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows DOM-Based XSS.This issue affects WP Job Portal: from n/a through \u003c= 2.1.3."
}
],
"impacts": [
{
"capecId": "CAPEC-588",
"descriptions": [
{
"lang": "en",
"value": "DOM-Based XSS"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:34:20.007Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-a-complete-job-board-plugin-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.1.3 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-35760",
"datePublished": "2024-06-21T12:40:10.390Z",
"dateReserved": "2024-05-17T10:10:41.866Z",
"dateUpdated": "2026-04-01T15:34:20.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35759 (GCVE-0-2024-35759)
Vulnerability from nvd – Published: 2024-06-21 12:41 – Updated: 2026-04-01 15:34
VLAI?
Title
WordPress WP Job Portal plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpjobportal WP Job Portal wp-job-portal.This issue affects WP Job Portal: from n/a through <= 2.1.3.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.1.3
(custom)
|
Date Public ?
2026-04-01 16:26
Credits
LuxF0z | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T14:00:28.637245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T14:00:51.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:14:53.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-plugin-2-1-3-admin-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.1.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LuxF0z | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:26:08.865Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.1.3.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal.This issue affects WP Job Portal: from n/a through \u003c= 2.1.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:34:19.856Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-1-3-admin-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.1.3 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-35759",
"datePublished": "2024-06-21T12:41:32.691Z",
"dateReserved": "2024-05-17T10:10:41.866Z",
"dateUpdated": "2026-04-01T15:34:19.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24941 (GCVE-0-2026-24941)
Vulnerability from cvelistv5 – Published: 2026-02-20 15:47 – Updated: 2026-04-01 14:14
VLAI?
Title
WordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.4.
Severity ?
7.5 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.4.4
(custom)
|
Date Public ?
2026-04-01 16:04
Credits
benzdeus | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-24941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T19:03:32.109624Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T19:03:40.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.4.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "benzdeus | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:04:55.023Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.4.4.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through \u003c= 2.4.4."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:14:31.155Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-4-4-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.4.4 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-24941",
"datePublished": "2026-02-20T15:47:07.258Z",
"dateReserved": "2026-01-28T09:50:05.801Z",
"dateUpdated": "2026-04-01T14:14:31.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24379 (GCVE-0-2026-24379)
Vulnerability from cvelistv5 – Published: 2026-01-22 16:52 – Updated: 2026-04-01 14:14
VLAI?
Title
WordPress WP Job Portal plugin <= 2.4.3 - Insecure Direct Object References (IDOR) vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.3.
Severity ?
9.1 (Critical)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.4.3
(custom)
|
Date Public ?
2026-04-01 16:05
Credits
Nabil Irawan | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-24379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T16:47:18.323677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T18:54:05.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.4.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.4.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:05:18.253Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.4.3.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through \u003c= 2.4.3."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:14:09.921Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-4-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.4.3 - Insecure Direct Object References (IDOR) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-24379",
"datePublished": "2026-01-22T16:52:46.322Z",
"dateReserved": "2026-01-22T14:42:40.516Z",
"dateUpdated": "2026-04-01T14:14:09.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48274 (GCVE-0-2025-48274)
Vulnerability from cvelistv5 – Published: 2025-06-17 15:01 – Updated: 2026-04-01 15:54
VLAI?
Title
WordPress WP Job Portal plugin <= 2.3.2 - SQL Injection Vulnerability
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Blind SQL Injection.This issue affects WP Job Portal: from n/a through <= 2.3.2.
Severity ?
No CVSS data available.
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.3.2
(custom)
|
Date Public ?
2026-04-01 16:40
Credits
LVT-tholv2k | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T18:31:58.944313Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T18:37:55.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.3.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:40:49.612Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows Blind SQL Injection.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.3.2.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows Blind SQL Injection.This issue affects WP Job Portal: from n/a through \u003c= 2.3.2."
}
],
"impacts": [
{
"capecId": "CAPEC-7",
"descriptions": [
{
"lang": "en",
"value": "Blind SQL Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:54:30.071Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-2-3-2-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.3.2 - SQL Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-48274",
"datePublished": "2025-06-17T15:01:31.321Z",
"dateReserved": "2025-05-19T14:13:24.501Z",
"dateUpdated": "2026-04-01T15:54:30.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47438 (GCVE-0-2025-47438)
Vulnerability from cvelistv5 – Published: 2025-05-23 12:43 – Updated: 2026-04-01 15:53
VLAI?
Title
WordPress WP Job Portal plugin <= 2.3.1 - Local File Inclusion vulnerability
Summary
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through <= 2.3.1.
Severity ?
No CVSS data available.
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.3.1
(custom)
|
Date Public ?
2026-04-01 16:39
Credits
Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47438",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T14:55:09.833093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T14:55:15.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.3.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:39:54.988Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.3.1.\u003c/p\u003e"
}
],
"value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through \u003c= 2.3.1."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "PHP Local File Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:53:10.130Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-3-1-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.3.1 - Local File Inclusion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-47438",
"datePublished": "2025-05-23T12:43:37.020Z",
"dateReserved": "2025-05-07T09:38:32.076Z",
"dateUpdated": "2026-04-01T15:53:10.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48273 (GCVE-0-2025-48273)
Vulnerability from cvelistv5 – Published: 2025-05-23 12:43 – Updated: 2026-04-01 15:54
VLAI?
Title
WordPress WP Job Portal plugin <= 2.3.2 - Arbitrary File Download Vulnerability
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Path Traversal.This issue affects WP Job Portal: from n/a through <= 2.3.2.
Severity ?
No CVSS data available.
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.3.2
(custom)
|
Date Public ?
2026-04-01 16:40
Credits
LVT-tholv2k | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T14:35:56.250192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T14:36:01.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.3.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:40:48.548Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows Path Traversal.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.3.2.\u003c/p\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows Path Traversal.This issue affects WP Job Portal: from n/a through \u003c= 2.3.2."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "Path Traversal"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:54:29.762Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-2-3-2-arbitrary-file-download-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.3.2 - Arbitrary File Download Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-48273",
"datePublished": "2025-05-23T12:43:16.413Z",
"dateReserved": "2025-05-19T14:13:24.501Z",
"dateUpdated": "2026-04-01T15:54:29.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48272 (GCVE-0-2025-48272)
Vulnerability from cvelistv5 – Published: 2025-05-19 14:45 – Updated: 2026-04-01 15:54
VLAI?
Title
WordPress WP Job Portal plugin <= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability
Summary
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.3.2.
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.3.2
(custom)
|
Date Public ?
2026-04-01 16:40
Credits
LVT-tholv2k | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T15:07:39.448210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T15:17:00.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.3.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:40:48.347Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.3.2.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through \u003c= 2.3.2."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:54:29.425Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-2-3-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-48272",
"datePublished": "2025-05-19T14:45:25.486Z",
"dateReserved": "2025-05-19T14:13:24.501Z",
"dateUpdated": "2026-04-01T15:54:29.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26935 (GCVE-0-2025-26935)
Vulnerability from cvelistv5 – Published: 2025-02-25 14:17 – Updated: 2026-04-01 15:45
VLAI?
Title
WordPress WP Job Portal plugin <= 2.2.8 - Local File Inclusion vulnerability
Summary
Path Traversal: '.../...//' vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through <= 2.2.8.
Severity ?
No CVSS data available.
CWE
- CWE-35 - Path Traversal: '.../...//'
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.2.8
(custom)
|
Date Public ?
2026-04-01 16:35
Credits
Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T15:07:51.893068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T15:09:31.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.2.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.2.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:35:25.010Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path Traversal: \u0027.../...//\u0027 vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.2.8.\u003c/p\u003e"
}
],
"value": "Path Traversal: \u0027.../...//\u0027 vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through \u003c= 2.2.8."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "PHP Local File Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:45:47.921Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-2-8-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.2.8 - Local File Inclusion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-26935",
"datePublished": "2025-02-25T14:17:54.939Z",
"dateReserved": "2025-02-17T11:51:10.110Z",
"dateUpdated": "2026-04-01T15:45:47.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-52389 (GCVE-0-2024-52389)
Vulnerability from cvelistv5 – Published: 2024-11-18 21:29 – Updated: 2026-04-01 15:38
VLAI?
Title
WordPress WP Job Portal plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Stored XSS.This issue affects WP Job Portal: from n/a through <= 2.2.0.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.2.0
(custom)
|
Date Public ?
2026-04-01 16:29
Credits
casol | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T15:24:39.483515Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T15:24:54.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.2.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "casol | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:29:47.012Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows Stored XSS.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.2.0.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows Stored XSS.This issue affects WP Job Portal: from n/a through \u003c= 2.2.0."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:38:40.158Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.2.0 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-52389",
"datePublished": "2024-11-18T21:29:46.576Z",
"dateReserved": "2024-11-11T06:38:56.851Z",
"dateUpdated": "2026-04-01T15:38:40.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-43266 (GCVE-0-2024-43266)
Vulnerability from cvelistv5 – Published: 2024-08-18 21:34 – Updated: 2026-04-01 15:34
VLAI?
Title
WordPress WP Job Portal plugin <= 2.1.8 - Insecure Direct Object References (IDOR) vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal.This issue affects WP Job Portal: from n/a through <= 2.1.8.
Severity ?
No CVSS data available.
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.1.8
(custom)
|
Date Public ?
2026-04-01 16:27
Credits
LuxF0z | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43266",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T13:33:04.645298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T13:33:12.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.1.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LuxF0z | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:27:13.075Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.1.8.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal.This issue affects WP Job Portal: from n/a through \u003c= 2.1.8."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:34:47.389Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-a-complete-job-board-plugin-2-1-6-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.1.8 - Insecure Direct Object References (IDOR) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-43266",
"datePublished": "2024-08-18T21:34:59.503Z",
"dateReserved": "2024-08-09T09:20:48.471Z",
"dateUpdated": "2026-04-01T15:34:47.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35759 (GCVE-0-2024-35759)
Vulnerability from cvelistv5 – Published: 2024-06-21 12:41 – Updated: 2026-04-01 15:34
VLAI?
Title
WordPress WP Job Portal plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpjobportal WP Job Portal wp-job-portal.This issue affects WP Job Portal: from n/a through <= 2.1.3.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.1.3
(custom)
|
Date Public ?
2026-04-01 16:26
Credits
LuxF0z | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T14:00:28.637245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T14:00:51.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:14:53.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-plugin-2-1-3-admin-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.1.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LuxF0z | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:26:08.865Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.1.3.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal.This issue affects WP Job Portal: from n/a through \u003c= 2.1.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:34:19.856Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-1-3-admin-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.1.3 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-35759",
"datePublished": "2024-06-21T12:41:32.691Z",
"dateReserved": "2024-05-17T10:10:41.866Z",
"dateUpdated": "2026-04-01T15:34:19.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35760 (GCVE-0-2024-35760)
Vulnerability from cvelistv5 – Published: 2024-06-21 12:40 – Updated: 2026-04-01 15:34
VLAI?
Title
WordPress WP Job Portal plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpjobportal WP Job Portal wp-job-portal allows DOM-Based XSS.This issue affects WP Job Portal: from n/a through <= 2.1.3.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpjobportal | WP Job Portal |
Affected:
0 , ≤ 2.1.3
(custom)
|
Date Public ?
2026-04-01 16:26
Credits
LuxF0z | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T14:00:39.625387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T14:02:59.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:14:54.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-a-complete-job-board-plugin-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-job-portal",
"product": "WP Job Portal",
"vendor": "wpjobportal",
"versions": [
{
"changes": [
{
"at": "2.1.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LuxF0z | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:26:09.459Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows DOM-Based XSS.\u003cp\u003eThis issue affects WP Job Portal: from n/a through \u003c= 2.1.3.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in wpjobportal WP Job Portal wp-job-portal allows DOM-Based XSS.This issue affects WP Job Portal: from n/a through \u003c= 2.1.3."
}
],
"impacts": [
{
"capecId": "CAPEC-588",
"descriptions": [
{
"lang": "en",
"value": "DOM-Based XSS"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:34:20.007Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-a-complete-job-board-plugin-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Job Portal plugin \u003c= 2.1.3 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-35760",
"datePublished": "2024-06-21T12:40:10.390Z",
"dateReserved": "2024-05-17T10:10:41.866Z",
"dateUpdated": "2026-04-01T15:34:20.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}