cleantalk
Vulnerabilities and Security Researches

WP Job Portal – A Complete Job Board, CVE-2024-13372

CVE, Research URL

CVE-2024-13372

Home page URL

Security reports for WP Job Portal – A Complete Job Board

Application

WP Job Portal – A Complete Job Board

Published on
Feb 01, 2025
Research Description
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the getresumefiledownloadbyid() and getallresumefiles() functions due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to download users resumes without the appropriate authorization to do so.
Affected versions
Min -, max 2.2.7.
Status
vulnerable
Previous vulnerability researches
Clever Addons for Elementor (CVE-2024-43324) , Aug 20, 2024
Clever Addons for Elementor (CVE-2024-10357) , Oct 27, 2024
Clever Addons for Elementor (CVE-2024-51580) , Nov 04, 2024
Clever Addons for Elementor (CVE-2024-2350) , Jun 07, 2024
Clever Addons for Elementor (CVE-2021-24273) , Jun 07, 2024
New vulnerability
Newsletter – Send awesome emails from WordPress (CVE-2025-3583) , May 07, 2025
Insert PHP Code Snippet (CVE-2024-43275) , May 07, 2025
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor (CVE-2024-38785) , May 07, 2025
Section Widget (CVE-2025-46537) , May 07, 2025
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) (CVE-2024-3599) , May 07, 2025