cleantalk
Vulnerabilities and Security Researches

Job Listings, CVE-2025-3918

CVE, Research URL

CVE-2025-3918

Home page URL

Security reports for Job Listings

Application

Job Listings

Published on
May 03, 2025
Research Description
The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action() function in versions 0.1 to 0.1.1. The plugin’s registration handler reads the client-supplied $_POST['user_role'] and passes it directly to wp_insert_user() without restricting to a safe set of roles. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.
Affected versions
Min 0.1, max 0.1.1.
Status
vulnerable
Previous vulnerability researches
KiwiChat NextClient (CVE-2025-3670) , May 03, 2025
New vulnerability
Job Listings (CVE-2025-3918) , May 04, 2025
Popups, Email Popup, Exit Intent Pop Up, Upsell Pop Up, Cart Abandonment Popups, Contact Form Builder – Personizely (CVE-2025-3779) , May 04, 2025
VerticalResponse Newsletter Widget (CVE-2025-4172) , May 04, 2025
Subpage List (CVE-2025-4168) , May 04, 2025
OTP-less one tap Sign in (CVE-2025-3746) , May 04, 2025