WP Job Portal
wpjobportal
Developer
2.5.0
Latest version
8,000
Installations
No date
Last updated
Vulnerability history
1 present
33 patched
13 Mitigation rules
- Authenticated (Subscriber+) Arbitrary File Deletion via Resume Custom File Field vulnerability<= 2.4.92 days ago
- Unauthenticated SQL Injection via 'radius' Parameter vulnerability<= 2.4.824/03/2026
- Broken Access Control vulnerability<= 2.4.403/02/2026
- Unauthenticated SQL Injection vulnerability<= 2.2.103/02/2026
- Authenticated (Admin+) SQL Injection vulnerability<= 2.2.203/02/2026
- Authenticated (Admin+) SQL Injection via wpjobportal_deactivate() vulnerability<= 2.2.203/02/2026
- Missing Authorization to Unauthenticated Arbitrary Resume Download vulnerability<= 2.2.203/02/2026
- Missing Authorization to Limited Privilege Escalation vulnerability<= 2.2.203/02/2026
- Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox() vulnerability<= 2.2.203/02/2026
- Insecure Direct Object References (IDOR) vulnerability<= 2.4.324/01/2026
- Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion vulnerability<= 2.2.631/12/2025
- Cross Site Scripting (XSS) vulnerability<= 2.4.411/12/2025
- Authenticated (Subscriber+) Arbitrary File Read vulnerability<= 2.4.011/12/2025
- SQL Injection Vulnerability<= 2.3.211/06/2025
- Arbitrary File Download Vulnerability<= 2.3.224/05/2025
- Insecure Direct Object References (IDOR) Vulnerability<= 2.3.219/05/2025
- Local File Inclusion vulnerability<= 2.3.108/05/2025
- Local File Inclusion vulnerability<= 2.2.823/02/2025
- Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection vulnerability<= 2.2.821/02/2025
- Insecure Direct Object Reference to Unauthenticated Arbitrary Resume Download vulnerability<= 2.2.603/02/2025
- Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion vulnerability<= 2.2.631/01/2025
- Missing Authorization to Unauthenticated Arbitrary Email Sending vulnerability<= 2.2.631/01/2025
- Insecure Direct Object Reference to Unauthenticated Company Logo Deletion vulnerability<= 2.2.631/01/2025
- WordPress WP Job Portal plugin <= 2.2.5- Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability<= 2.2.507/01/2025
- Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability<= 2.2.402/01/2025
- Cross Site Scripting (XSS) vulnerability<= 2.2.011/11/2024
- Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation vulnerability<= 2.1.603/09/2024
- Insecure Direct Object References (IDOR) vulnerability<= 2.1.812/08/2024
- Cross Site Scripting (XSS) vulnerability<= 2.1.317/06/2024
- Cross Site Scripting (XSS) vulnerability<= 2.1.317/06/2024
- Cross Site Request Forgery (CSRF) vulnerability<= 2.0.629/12/2023
- Unauthenticated SQLi vulnerability<= 2.0.526/09/2023
- Broken Access Control vulnerability<= 2.0.105/05/2023
- Cross Site Scripting (XSS)<= 2.0.517/03/2023