WP Job Portal – A Complete Recruitment System for Company or Job Board website

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   WP Job Portal – A Complete Recruitment System for Company or Job Board website

Information

Software Type Plugin
Software Slug wp-job-portal (view on wordpress.org)
Software Status Active
Software Author wpjobportal
Software Website wpjobportal.com
Software Downloads 340,152
Software Active Installs 7,000
Software Record Last Updated April 9, 2025

Showing 1-20 of 25 Vulnerabilities

Submit a Vulnerability
WP Job Portal <= 2.2.8 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2025-26935
Feb 23, 2025
Researcher: Trương Hữu Phúc (truonghuuphuc)
WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection
4.3
CVE-2024-13873
Feb 21, 2025
Researcher: thevietronin
WP Job Portal <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending
5.3
CVE-2024-13371
Jan 31, 2025
Researcher: thevietronin
WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion
5.3
CVE-2024-13428
Jan 31, 2025
Researcher: thevietronin
WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion
4.3
CVE-2024-13425
Jan 31, 2025
Researcher: thevietronin
WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion
4.3
CVE-2024-13429
Jan 31, 2025
Researcher: thevietronin
WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Arbitrary Resume Download
5.3
CVE-2024-13372
Jan 31, 2025
Researcher: thevietronin
WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5- Authenticated (Subscriber+) Insecure Direct Object Reference
4.3
CVE-2024-12131
Jan 6, 2025
Researcher: Apostolos Sakellariou
WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference
4.3
CVE-2024-12132
Jan 2, 2025
Researcher: Apostolos Sakellariou
WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection
4.9
CVE-2024-11710
Dec 13, 2024
Researcher: thevietronin
WP Job Portal <= 2.2.2 - Missing Authorization to Unauthenticated Arbitrary Resume Download
5.3
CVE-2024-11712
Dec 13, 2024
Researcher: thevietronin
WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox()
4.9
CVE-2024-11714
Dec 13, 2024
Researcher: thevietronin
WP Job Portal <= 2.2.2 - Missing Authorization to Limited Privilege Escalation
4.8
CVE-2024-11715
Dec 13, 2024
Researcher: thevietronin
WP Job Portal <= 2.2.1 - Unauthenticated SQL Injection
7.5
CVE-2024-11711
Dec 13, 2024
Researcher: thevietronin
WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via wpjobportal_deactivate()
4.9
CVE-2024-11713
Dec 13, 2024
Researchers: Nhien Pham (nhienit), thevietronin
WP Job Portal <= 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
6.4
CVE-2024-52389
Nov 11, 2024
Researcher: casol
WP Job Portal <= 2.1.6 - Missing Authorization to Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation
9.8
CVE-2024-7950
Sep 3, 2024
Researcher: Connor Billings
WP Job Portal <= 2.1.8 - Authenticated (Subscriber+) Insecure Direct Object Reference
4.3
CVE-2024-43266
Aug 12, 2024
Researcher: LuxF0z
WP Job Portal <= 2.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-35760
Jun 17, 2024
Researcher: LuxF0z
WP Job Portal <= 2.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-35759
Jun 17, 2024
Researcher: LuxF0z
Title Status CVE ID CVSS Researchers Date
WP Job Portal <= 2.2.8 - Authenticated (Contributor+) Local File Inclusion Patched CVE-2025-26935 8.8 Trương Hữu Phúc (truonghuuphuc) February 23, 2025
WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection Patched CVE-2024-13873 4.3 thevietronin February 21, 2025
WP Job Portal <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending Patched CVE-2024-13371 5.3 thevietronin January 31, 2025
WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion Patched CVE-2024-13428 5.3 thevietronin January 31, 2025
WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion Patched CVE-2024-13425 4.3 thevietronin January 31, 2025
WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion Patched CVE-2024-13429 4.3 thevietronin January 31, 2025
WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Arbitrary Resume Download Patched CVE-2024-13372 5.3 thevietronin January 31, 2025
WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5- Authenticated (Subscriber+) Insecure Direct Object Reference Patched CVE-2024-12131 4.3 Apostolos Sakellariou January 6, 2025
WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference Patched CVE-2024-12132 4.3 Apostolos Sakellariou January 2, 2025
WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection Patched CVE-2024-11710 4.9 thevietronin December 13, 2024
WP Job Portal <= 2.2.2 - Missing Authorization to Unauthenticated Arbitrary Resume Download Patched CVE-2024-11712 5.3 thevietronin December 13, 2024
WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox() Patched CVE-2024-11714 4.9 thevietronin December 13, 2024
WP Job Portal <= 2.2.2 - Missing Authorization to Limited Privilege Escalation Patched CVE-2024-11715 4.8 thevietronin December 13, 2024
WP Job Portal <= 2.2.1 - Unauthenticated SQL Injection Patched CVE-2024-11711 7.5 thevietronin December 13, 2024
WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via wpjobportal_deactivate() Patched CVE-2024-11713 4.9 Nhien Pham (nhienit), thevietronin December 13, 2024
WP Job Portal <= 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting Patched CVE-2024-52389 6.4 casol November 11, 2024
WP Job Portal <= 2.1.6 - Missing Authorization to Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation Patched CVE-2024-7950 9.8 Connor Billings September 3, 2024
WP Job Portal <= 2.1.8 - Authenticated (Subscriber+) Insecure Direct Object Reference Patched CVE-2024-43266 4.3 LuxF0z August 12, 2024
WP Job Portal <= 2.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting Patched CVE-2024-35760 4.4 LuxF0z June 17, 2024
WP Job Portal <= 2.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting Patched CVE-2024-35759 4.4 LuxF0z June 17, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.