Wp Job Portal
by Wpjobportal
Source repositories
CVEs (32)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-13371 | 0.00 | — | 0.01 | Feb 1, 2025 | The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the sendEmailToJobSeeker() function in all versions up to, and including, 2.2.6.… | |||
| CVE-2024-13425 | 0.00 | — | 0.00 | Feb 1, 2025 | The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the enforcedelete() function due to missing validation on a user controlled… | |||
| CVE-2024-13429 | 0.00 | — | 0.00 | Feb 1, 2025 | The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key.… | |||
| CVE-2024-11712 | 0.00 | — | 0.00 | Dec 14, 2024 | The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2. This… | |||
| CVE-2024-11711 | 0.00 | — | 0.01 | Dec 14, 2024 | The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and including, 2.2.1 due to insufficient escaping on the user supplied parameter and lack… | |||
| CVE-2024-11714 | 0.00 | — | 0.00 | Dec 14, 2024 | The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox() function in all versions up to, and including, 2.2.2 due to insufficient escaping… | |||
| CVE-2024-11713 | 0.00 | — | 0.00 | Dec 14, 2024 | The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'page_id' parameter of the wpjobportal_deactivate() function in all versions up to, and including, 2.2.2 due to insufficient escaping… | |||
| CVE-2024-11715 | 0.00 | — | 0.00 | Dec 14, 2024 | The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. This makes it possible… | |||
| CVE-2024-8463 | 0.00 | — | 0.01 | Sep 5, 2024 | File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell. | |||
| CVE-2024-8167 | 0.00 | — | 0.01 | Aug 26, 2024 | A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /forget.php. The manipulation of the argument email/mobile leads to sql injection. It is possible to launch the attack remotely. The exploit… | |||
| CVE-2024-7682 | 0.00 | — | 0.01 | Aug 12, 2024 | A vulnerability was found in code-projects Job Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file rw_i_nat.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been… | |||
| CVE-2021-39337 | 0.00 | — | 0.01 | Oct 15, 2021 | The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/jobs_function.php file which allowed attackers with administrative user access to inject arbitrary web… |
- CVE-2024-13371Feb 1, 2025risk 0.00cvss —epss 0.01
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the sendEmailToJobSeeker() function in all versions up to, and including, 2.2.6.…
- CVE-2024-13425Feb 1, 2025risk 0.00cvss —epss 0.00
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the enforcedelete() function due to missing validation on a user controlled…
- CVE-2024-13429Feb 1, 2025risk 0.00cvss —epss 0.00
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key.…
- CVE-2024-11712Dec 14, 2024risk 0.00cvss —epss 0.00
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2. This…
- CVE-2024-11711Dec 14, 2024risk 0.00cvss —epss 0.01
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and including, 2.2.1 due to insufficient escaping on the user supplied parameter and lack…
- CVE-2024-11714Dec 14, 2024risk 0.00cvss —epss 0.00
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox() function in all versions up to, and including, 2.2.2 due to insufficient escaping…
- CVE-2024-11713Dec 14, 2024risk 0.00cvss —epss 0.00
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'page_id' parameter of the wpjobportal_deactivate() function in all versions up to, and including, 2.2.2 due to insufficient escaping…
- CVE-2024-11715Dec 14, 2024risk 0.00cvss —epss 0.00
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. This makes it possible…
- CVE-2024-8463Sep 5, 2024risk 0.00cvss —epss 0.01
File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell.
- CVE-2024-8167Aug 26, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /forget.php. The manipulation of the argument email/mobile leads to sql injection. It is possible to launch the attack remotely. The exploit…
- CVE-2024-7682Aug 12, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in code-projects Job Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file rw_i_nat.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been…
- CVE-2021-39337Oct 15, 2021risk 0.00cvss —epss 0.01
The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/jobs_function.php file which allowed attackers with administrative user access to inject arbitrary web…
Page 2 of 2