Vulnerabilities and security researches forwp-job-portal wp-job-portal
Direction: ascendingJun 07, 2024
WP Job Portal – A Complete Job Board # CVE-2023-52184
- CVE, Research URL
- Application
- Date
- Jan 05, 2024
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.6.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Job Portal – A Complete Job Board # CVE-2023-28534
- CVE, Research URL
- Application
- Date
- Jun 22, 2023
- Research Description
- Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board plugin <= 2.0.0 versions.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Job Portal – A Complete Job Board # CVE-2022-41786
- CVE, Research URL
- Application
- Date
- Jan 17, 2024
- Research Description
- Missing Authorization vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.1.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Job Portal – A Complete Job Board # CVE-2023-4490
- CVE, Research URL
- Application
- Date
- Sep 25, 2023
- Research Description
- The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 22, 2024
WP Job Portal – A Complete Job Board # CVE-2024-35759
- CVE, Research URL
- Application
- Date
- Jun 21, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Job Portal allows Stored XSS.This issue affects WP Job Portal: from n/a through 2.1.3.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Job Portal – A Complete Job Board # CVE-2024-35760
- CVE, Research URL
- Application
- Date
- Jun 21, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Job Portal allows Stored XSS.This issue affects WP Job Portal: from n/a through 2.1.3.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Aug 16, 2024
WP Job Portal – A Complete Job Board # CVE-2024-43266
- CVE, Research URL
- Application
- Date
- Aug 19, 2024
- Research Description
- Authorization Bypass Through User-Controlled Key vulnerability in WP Job Portal.This issue affects WP Job Portal: from n/a through 2.1.6.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Sep 05, 2024
WP Job Portal – A Complete Job Board # CVE-2024-7950
- CVE, Research URL
- Application
- Date
- Sep 04, 2024
- Research Description
- The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Attackers can also update arbitrary settings and create user accounts even when registration is disabled, leading to user creation with a default role of Administrator.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Nov 14, 2024
WP Job Portal – A Complete Job Board # CVE-2024-52389
- CVE, Research URL
- Application
- Date
- Nov 19, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Job Portal allows Stored XSS.This issue affects WP Job Portal: from n/a through 2.2.0.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Dec 15, 2024
WP Job Portal – A Complete Job Board # CVE-2024-11711
- CVE, Research URL
- Application
- Date
- Dec 14, 2024
- Research Description
- The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and including, 2.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Job Portal – A Complete Job Board # CVE-2024-11714
- CVE, Research URL
- Application
- Date
- Dec 14, 2024
- Research Description
- The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Job Portal – A Complete Job Board # CVE-2024-11710
- CVE, Research URL
- Application
- Date
- Dec 14, 2024
- Research Description
- The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'fieldfor', 'visibleParent' and 'id' parameters in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Job Portal – A Complete Job Board # CVE-2024-11712
- CVE, Research URL
- Application
- Date
- Dec 14, 2024
- Research Description
- The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to download other users resumes.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Job Portal – A Complete Job Board # CVE-2024-11713
- CVE, Research URL
- Application
- Date
- Dec 14, 2024
- Research Description
- The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'page_id' parameter of the wpjobportal_deactivate() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Job Portal – A Complete Job Board # CVE-2024-11715
- CVE, Research URL
- Application
- Date
- Dec 14, 2024
- Research Description
- The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to elevate their privileges to that of an employer.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jan 04, 2025
WP Job Portal – A Complete Job Board # CVE-2024-12132
- CVE, Research URL
- Application
- Date
- Jan 03, 2025
- Research Description
- The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create jobs for companies that are unaffiliated with the attacker.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jan 09, 2025
WP Job Portal – A Complete Job Board # CVE-2024-12131
- CVE, Research URL
- Application
- Date
- Jan 07, 2025
- Research Description
- The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit resumes for other applicants when applying for jobs.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Feb 03, 2025
WP Job Portal – A Complete Job Board # CVE-2024-13371
- CVE, Research URL
- Application
- Date
- Feb 01, 2025
- Research Description
- The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the sendEmailToJobSeeker() function in all versions up to, and including, 2.2.6. This makes it possible for unauthenticated attackers to send arbitrary emails with arbitrary content from the sites mail server.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Job Portal – A Complete Job Board # CVE-2024-13429
- CVE, Research URL
- Application
- Date
- Feb 01, 2025
- Research Description
- The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with employer-level access and above, to delete arbitrary
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Job Portal – A Complete Job Board # CVE-2024-13425
- CVE, Research URL
- Application
- Date
- Feb 01, 2025
- Research Description
- The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the enforcedelete() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Employer-level access and above, to delete other users companies.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Feb 24, 2025
WP Job Portal – A Complete Job Board # CVE-2024-13873
- CVE, Research URL
- Application
- Date
- Feb 22, 2025
- Research Description
- The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove profile photos from users accounts. Please note that this does not officially delete the file.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Feb 27, 2025
WP Job Portal – A Complete Job Board # CVE-2025-26935
- CVE, Research URL
- Application
- Date
- Feb 25, 2025
- Research Description
- Path Traversal vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion. This issue affects WP Job Portal: from n/a through 2.2.8.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
May 06, 2025
WP Job Portal – A Complete Job Board # CVE-2024-13372
- CVE, Research URL
- Application
- Date
- Feb 01, 2025
- Research Description
- The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the getresumefiledownloadbyid() and getallresumefiles() functions due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to download users resumes without the appropriate authorization to do so.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Job Portal – A Complete Job Board # CVE-2024-13428
- CVE, Research URL
- Application
- Date
- Feb 01, 2025
- Research Description
- The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the deleteCompanyLogo() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to delete arbitrary company logos.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable