cleantalk
Vulnerabilities and Security Researches

WP Job Portal – A Complete Job Board, CVE-2025-14293

CVE, Research URL

CVE-2025-14293

Home page URL

Security reports for WP Job Portal – A Complete Job Board

Application

WP Job Portal – A Complete Job Board

Published on
Dec 12, 2025
Research Description
The WP Job Portal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.4.0 via the 'downloadCustomUploadedFile' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions
max 2.4.0.
Status
vulnerable
Previous vulnerability researches
WP Job Portal – A Complete Job Board (CVE-2024-11711) , Dec 15, 2024
WP Job Portal – A Complete Job Board (CVE-2024-35759) , Jun 22, 2024
WP Job Portal – A Complete Job Board (CVE-2024-35760) , Jun 22, 2024
WP Job Portal – A Complete Job Board (CVE-2024-11714) , Dec 15, 2024
WP Job Portal – A Complete Job Board (CVE-2025-47438) , May 15, 2025
New vulnerability
Cool Tag Cloud (CVE-2025-69011) , Feb 27, 2026
WP Wizard Cloak (CVE-2025-53237) , Feb 27, 2026
YITH WooCommerce Compare (CVE-2026-22333) , Feb 27, 2026
Kenta Companion (CVE-2026-27090) , Feb 27, 2026
WP-Lister Lite for eBay (CVE-2026-25384) , Feb 27, 2026