Vulnerabilities > Wpjobportal > WP JOB Portal > 2.2.5

DATE CVE VULNERABILITY TITLE RISK
2025-02-25 CVE-2025-26935 Path Traversal: '.../...//' vulnerability in Wpjobportal WP JOB Portal
Path Traversal vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion.
network
low complexity
wpjobportal CWE-35
8.8
2025-02-22 CVE-2024-13873 Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto() function due to missing validation on a user controlled key.
network
low complexity
wpjobportal CWE-639
4.3
2025-02-01 CVE-2024-13371 Missing Authorization vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the sendEmailToJobSeeker() function in all versions up to, and including, 2.2.6.
network
low complexity
wpjobportal CWE-862
5.3
2025-02-01 CVE-2024-13372 Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the getresumefiledownloadbyid() and getallresumefiles() functions due to missing validation on a user controlled key.
network
low complexity
wpjobportal CWE-639
5.3
2025-02-01 CVE-2024-13425 Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the enforcedelete() function due to missing validation on a user controlled key.
network
low complexity
wpjobportal CWE-639
4.3
2025-02-01 CVE-2024-13428 Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the deleteCompanyLogo() due to missing validation on a user controlled key.
network
low complexity
wpjobportal CWE-639
5.3
2025-02-01 CVE-2024-13429 Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key.
network
low complexity
wpjobportal CWE-639
4.3
2025-01-07 CVE-2024-12131 Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key.
network
low complexity
wpjobportal CWE-639
4.3