Plugin icon

WP Job Portal – AI-Powered Recruitment System for Company or Job Board website

wp-job-portal

Vulnerabilities:

34

Last Updated:

March 25, 2026

Active Installs:

7000

Published
Title
Fixed in
CVSS
Published
2026-03-25
Title
WP Job Portal < 2.5.0 - Authenticated (Subscriber+) Arbitrary File Deletion via Resume Custom File Field
Fixed in
Fixed in 2.5.0
CVSS
8.8 (high)
Published
2026-03-23
Title
WP Job Portal < 2.4.9 - Unauthenticated SQL Injection via 'radius' Parameter
Fixed in
Fixed in 2.4.9
CVSS
7.5 (high)
Published
2026-02-03
Title
WP Job Portal < 2.4.5 - Missing Authorization
Fixed in
Fixed in 2.4.5
CVSS
5.3 (medium)
Published
2026-01-24
Title
Job Portal < 2.4.4 - Authenticated (Subscriber+) Insecure Direct Object Reference
Fixed in
Fixed in 2.4.4
CVSS
4.3 (medium)
Published
2025-12-11
Title
WP Job Portal <= 2.4.4 - Authenticated (Editor+) Stored Cross-Site Scripting via Job Description Field
Fixed in
No known fix
CVSS
4.4 (medium)
Published
2025-12-11
Title
WP Job Portal < 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read
Fixed in
Fixed in 2.4.1
CVSS
6.5 (medium)
Published
2025-06-11
Title
WP Job Portal < 2.3.3 - Unauthenticated SQL Injection
Fixed in
Fixed in 2.3.3
CVSS
7.5 (high)
Published
2025-05-24
Title
WP Job Portal < 2.3.3 - Unauthenticated Arbitrary File Download
Fixed in
Fixed in 2.3.3
CVSS
7.5 (high)
Published
2025-05-19
Title
WP Job Portal < 2.3.3 - Unauthenticated Insecure Direct Object Reference
Fixed in
Fixed in 2.3.3
CVSS
5.3 (medium)
Published
2025-05-08
Title
WP Job Portal < 2.3.2 - Unauthenticated Local File Inclusion
Fixed in
Fixed in 2.3.2
CVSS
9.8 (critical)
Published
2025-02-23
Title
WP Job Portal < 2.2.9 - Authenticated (Contributor+) Local File Inclusion
Fixed in
Fixed in 2.2.9
CVSS
8.8 (high)
Published
2025-02-21
Title
WP Job Portal < 2.2.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection
Fixed in
Fixed in 2.2.9
CVSS
4.3 (medium)
Published
2025-01-31
Title
WP Job Portal < 2.2.7 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion
Fixed in
Fixed in 2.2.7
CVSS
4.3 (medium)
Published
2025-01-31
Title
WP Job Portal < 2.2.7 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion
Fixed in
Fixed in 2.2.7
CVSS
5.3 (medium)
Published
2025-01-31
Title
WP Job Portal < 2.2.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Resume Download
Fixed in
Fixed in 2.2.7
CVSS
5.3 (medium)
Published
2025-01-31
Title
WP Job Portal < 2.2.7 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion
Fixed in
Fixed in 2.2.7
CVSS
4.3 (medium)
Published
2025-01-31
Title
WP Job Portal < 2.2.7 - Missing Authorization to Unauthenticated Arbitrary Email Sending
Fixed in
Fixed in 2.2.7
CVSS
5.3 (medium)
Published
2025-01-06
Title
WP Job Portal – A Complete Recruitment System for Company or Job Board website < 2.2.6- Authenticated (Subscriber+) Insecure Direct Object Reference
Fixed in
Fixed in 2.2.6
CVSS
4.3 (medium)
Published
2025-01-02
Title
WP Job Portal – A Complete Recruitment System for Company or Job Board website < 2.2.5 - Authenticated (Subscriber+) Insecure Direct Object Reference
Fixed in
Fixed in 2.2.5
CVSS
4.3 (medium)
Published
2024-12-13
Title
WP Job Portal < 2.2.3 - Authenticated (Admin+) SQL Injection via wpjobportal_deactivate()
Fixed in
Fixed in 2.2.3
CVSS
4.9 (medium)
Published
2024-12-13
Title
WP Job Portal < 2.2.3 - Unauthenticated SQL Injection
Fixed in
Fixed in 2.2.3
CVSS
7.5 (high)
Published
2024-12-13
Title
WP Job Portal < 2.2.3 - Missing Authorization to Unauthenticated Arbitrary Resume Download
Fixed in
Fixed in 2.2.3
CVSS
5.3 (medium)
Published
2024-12-13
Title
WP Job Portal < 2.2.3 - Missing Authorization to Limited Privilege Escalation
Fixed in
Fixed in 2.2.3
CVSS
4.8 (medium)
Published
2024-12-13
Title
WP Job Portal < 2.2.3 - Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox()
Fixed in
Fixed in 2.2.3
CVSS
4.9 (medium)
Published
2024-12-13
Title
WP Job Portal < 2.2.3 - Authenticated (Admin+) SQL Injection
Fixed in
Fixed in 2.2.3
CVSS
4.9 (medium)
Published
2024-11-11
Title
WP Job Portal < 2.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Fixed in
Fixed in 2.2.1
CVSS
6.4 (medium)
Published
2024-09-03
Title
WP Job Portal < 2.1.7 - Missing Authorization to Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation
Fixed in
Fixed in 2.1.7
CVSS
9.8 (critical)
Published
2024-08-12
Title
WP Job Portal < 2.1.9 - Subscriber+ Insecure Direct Object Reference
Fixed in
Fixed in 2.1.9
CVSS
4.3 (medium)
Published
2024-06-17
Title
WP Job Portal < 2.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting
Fixed in
Fixed in 2.1.4
CVSS
4.4 (medium)
Published
2024-06-17
Title
WP Job Portal < 2.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting
Fixed in
Fixed in 2.1.4
CVSS
4.4 (medium)
Published
2023-12-29
Title
WP Job Portal < 2.0.7 - Cross-Site Request Forgery
Fixed in
Fixed in 2.0.7
CVSS
4.3 (medium)
Published
2023-08-30
Title
WP Job Portal < 2.0.6 - Unauthenticated SQLi
Fixed in
Fixed in 2.0.6
CVSS
8.6 (high)
Published
2023-05-05
Title
WP Job Portal < 2.0.2 - Unauthenticated Settings Update
Fixed in
Fixed in 2.0.2
CVSS
5.3 (medium)
Published
2023-03-17
Title
WP Job Portal < 2.0.6 - Subscriber+ Stored XSS
Fixed in
Fixed in 2.0.6
CVSS
8.0 (high)