WP Job Portal Missing Authorization Vulnerability Allowing Unauthenticated Arbitrary Email Sending

Vulnerability

A missing-authorization vulnerability exists in the WP Job Portal WordPress plugin in all versions up to and including 2.2.6. The sendEmailToJobSeeker() function performs no capability check, so an unauthenticated user can make the site's mail server send emails with an attacker-chosen recipient, subject, sender address and body.

Impact

Exploitation allows unauthenticated attackers to send arbitrary emails through the site's mail server to recipients of their choosing, so the site can be turned into a relay for phishing or spam that appears to originate from it.

Reproduction

To reproduce, submit the request that reaches sendEmailToJobSeeker() as an unauthenticated user, supplying the job seeker's email address, the email subject, the sender email, and the email body. Because the function performs no capability check, the request is accepted and the site's mail server sends the message.
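The vulnerable pattern described above beside a hardened version, as an added PHP example; this is not WP Job Portal's own code. The plugin's real source, AJAX action names, request parameter names, nonce action and capability name are not given on this page, so every name below (wpjp_send_email_to_jobseeker, jobseeker_email, email_subject, sender_email, email_body, wpjp_send_email, the wpjobportal_send_email capability) is an assumption, and it is assumed that the handler is reached through a WordPress AJAX action.

```php
<?php
/*
 * Added example: illustrative reconstruction of a missing-authorization
 * mail handler and its hardened form. NOT WP Job Portal's code; all hook,
 * parameter, nonce and capability names are assumptions.
 */

// Vulnerable pattern: the handler is registered for unauthenticated callers
// (wp_ajax_nopriv_) and performs no capability check and no nonce check, so
// anyone who can reach admin-ajax.php chooses recipient, subject, sender
// and body and the site mails it.
function vulnerable_sendEmailToJobSeeker() {
    $to      = sanitize_email( wp_unslash( $_POST['jobseeker_email'] ?? '' ) );
    $subject = sanitize_text_field( wp_unslash( $_POST['email_subject'] ?? '' ) );
    $from    = sanitize_email( wp_unslash( $_POST['sender_email'] ?? '' ) );
    $body    = wp_kses_post( wp_unslash( $_POST['email_body'] ?? '' ) );

    // Caller-controlled From header: mail appears to come from any sender.
    $headers = array( 'From: ' . $from );
    wp_mail( $to, $subject, $body, $headers );
    wp_send_json_success();
}
add_action( 'wp_ajax_wpjp_send_email_to_jobseeker',        'vulnerable_sendEmailToJobSeeker' );
add_action( 'wp_ajax_nopriv_wpjp_send_email_to_jobseeker', 'vulnerable_sendEmailToJobSeeker' ); // the unauthenticated path

// Hardened pattern: authentication, a specific capability, a nonce, input
// validation, and a server-chosen From address.
function hardened_sendEmailToJobSeeker() {
    // 1. Reject unauthenticated callers (and do not register wp_ajax_nopriv_ at all).
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'unauthorized', 401 );
    }

    // 2. Require a capability that only the intended roles hold
    //    (capability name assumed; use the plugin's own capability model).
    if ( ! current_user_can( 'wpjobportal_send_email' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. CSRF protection: the form must carry wp_create_nonce( 'wpjp_send_email' )
    //    in a field named _wpnonce (action name assumed). Dies on mismatch.
    check_ajax_referer( 'wpjp_send_email', '_wpnonce' );

    // 4. Validate and sanitize the remaining input.
    $to      = sanitize_email( wp_unslash( $_POST['jobseeker_email'] ?? '' ) );
    $subject = sanitize_text_field( wp_unslash( $_POST['email_subject'] ?? '' ) );
    $body    = wp_kses_post( wp_unslash( $_POST['email_body'] ?? '' ) );
    if ( ! is_email( $to ) || '' === $subject || '' === $body ) {
        wp_send_json_error( 'invalid input', 400 );
    }

    // 5. The server decides the From address; the sender only gets Reply-To.
    $headers = array(
        'From: ' . get_option( 'admin_email' ),
        'Reply-To: ' . wp_get_current_user()->user_email,
    );
    $sent = wp_mail( $to, $subject, $body, $headers );
    if ( ! $sent ) {
        wp_send_json_error( 'mail failed', 500 );
    }
    wp_send_json_success();
}
// Only the authenticated hook is registered.
add_action( 'wp_ajax_wpjp_send_email_to_jobseeker', 'hardened_sendEmailToJobSeeker' );
```

The reproduction step on this page corresponds to posting those four fields to the nopriv hook of the first function. Against the hardened version the same request fails at is_user_logged_in() before any mail is built. Dropping the wp_ajax_nopriv_ registration alone closes the unauthenticated path, but the capability and nonce checks are still needed so that a low-privilege account, or a cross-site request riding an administrator's session, cannot trigger the send.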

Remediation

Update the WP Job Portal plugin to version 2.2.7 or later, which fixes this issue.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.6
impact: 0.6
exploitability: 9.3
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.