cleantalk
Vulnerabilities and Security Researches

WP Job Portal – A Complete Job Board, CVE-2026-4758

CVE, Research URL

CVE-2026-4758

Home page URL

Security reports for WP Job Portal – A Complete Job Board

Application

WP Job Portal – A Complete Job Board

Published on
Mar 26, 2026
Research Description
The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Affected versions
max 2.5.0.
Status
vulnerable
Previous vulnerability researches
WP Job Portal – A Complete Job Board (CVE-2024-11711) , Dec 15, 2024
WP Job Portal – A Complete Job Board (CVE-2024-35759) , Jun 22, 2024
WP Job Portal – A Complete Job Board (CVE-2024-35760) , Jun 22, 2024
WP Job Portal – A Complete Job Board (CVE-2024-11714) , Dec 15, 2024
WP Job Portal – A Complete Job Board (CVE-2025-47438) , May 15, 2025
New vulnerability
rexCrawler (CVE-2026-2280) , May 28, 2026
Responsive Check (CVE-2026-8844) , May 28, 2026
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly (CVE-2026-27331) , May 28, 2026
auto making JSON-LD (CVE-2026-8938) , May 28, 2026
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2026-7797) , May 28, 2026