WP Job Portal
wpjobportal
Developer
2.4.7
Latest version
8,000
Installations
No date
Last updated
Vulnerability history
1 present
31 patched
11 Mitigation rules
- Broken Access Control vulnerability<= 2.4.4Feb 3, 2026
- Unauthenticated SQL Injection vulnerability<= 2.2.1Feb 3, 2026
- Authenticated (Admin+) SQL Injection vulnerability<= 2.2.2Feb 3, 2026
- Authenticated (Admin+) SQL Injection via wpjobportal_deactivate() vulnerability<= 2.2.2Feb 3, 2026
- Missing Authorization to Unauthenticated Arbitrary Resume Download vulnerability<= 2.2.2Feb 3, 2026
- Missing Authorization to Limited Privilege Escalation vulnerability<= 2.2.2Feb 3, 2026
- Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox() vulnerability<= 2.2.2Feb 3, 2026
- Insecure Direct Object References (IDOR) vulnerability<= 2.4.3Jan 24, 2026
- Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion vulnerability<= 2.2.6Dec 31, 2025
- Cross Site Scripting (XSS) vulnerability<= 2.4.4Dec 11, 2025
- Authenticated (Subscriber+) Arbitrary File Read vulnerability<= 2.4.0Dec 11, 2025
- SQL Injection Vulnerability<= 2.3.2Jun 11, 2025
- Arbitrary File Download Vulnerability<= 2.3.2May 24, 2025
- Insecure Direct Object References (IDOR) Vulnerability<= 2.3.2May 19, 2025
- Local File Inclusion vulnerability<= 2.3.1May 8, 2025
- Local File Inclusion vulnerability<= 2.2.8Feb 23, 2025
- Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection vulnerability<= 2.2.8Feb 21, 2025
- Insecure Direct Object Reference to Unauthenticated Arbitrary Resume Download vulnerability<= 2.2.6Feb 3, 2025
- Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion vulnerability<= 2.2.6Jan 31, 2025
- Missing Authorization to Unauthenticated Arbitrary Email Sending vulnerability<= 2.2.6Jan 31, 2025
- Insecure Direct Object Reference to Unauthenticated Company Logo Deletion vulnerability<= 2.2.6Jan 31, 2025
- WordPress WP Job Portal plugin <= 2.2.5- Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability<= 2.2.5Jan 7, 2025
- Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability<= 2.2.4Jan 2, 2025
- Cross Site Scripting (XSS) vulnerability<= 2.2.0Nov 11, 2024
- Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation vulnerability<= 2.1.6Sep 3, 2024
- Insecure Direct Object References (IDOR) vulnerability<= 2.1.8Aug 12, 2024
- Cross Site Scripting (XSS) vulnerability<= 2.1.3Jun 17, 2024
- Cross Site Scripting (XSS) vulnerability<= 2.1.3Jun 17, 2024
- Cross Site Request Forgery (CSRF) vulnerability<= 2.0.6Dec 29, 2023
- Unauthenticated SQLi vulnerability<= 2.0.5Sep 26, 2023
- Broken Access Control vulnerability<= 2.0.1May 5, 2023
- Cross Site Scripting (XSS)<= 2.0.5Mar 17, 2023