WP Job Portal Insecure Direct Object Reference Vulnerability Allowing Unauthenticated Resume Downloads

Vulnerability

WP Job Portal, a WordPress plugin, is affected in all versions up to and including 2.2.6. The flaw is an Insecure Direct Object Reference (IDOR): the 'getresumefiledownloadbyid()' and 'getallresumefiles()' functions accept a user-controlled key that selects which resume file is returned, but never validate that the requester is authorized to access that file. Because the check is missing entirely rather than merely weak, the request does not even need a logged-in account, so an unauthenticated visitor who supplies another user's key can download that user's resume.
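To make the missing check concrete, the PHP below is an added illustration written for this page; it is not WP Job Portal's code and does not reproduce the plugin's real handler, table, parameter or function names (the jobportal_resumes table, the resume_id parameter, the nonce action and every demo_ function are assumed). The first handler shows the IDOR pattern described above: a caller-supplied key is looked up and the file served with no login or ownership check. The second shows a hardened version that authenticates, scopes the lookup to the requesting user (or an administrator), verifies a nonce, and returns the same 404 for a missing id and for someone else's id.

```php
<?php
/**
 * Added illustration, not WP Job Portal's own code.
 * Assumed schema: a table {$wpdb->prefix}jobportal_resumes with columns
 * id (int), user_id (int, the WordPress user who uploaded the file) and
 * file_path (path relative to the uploads directory). All names are hypothetical.
 */

/** Vulnerable pattern: the request parameter alone decides which file is served. */
function demo_vulnerable_resume_download() {
    global $wpdb;
    $id  = absint( $_GET['resume_id'] ?? 0 );
    $row = $wpdb->get_row( $wpdb->prepare(
        "SELECT file_path FROM {$wpdb->prefix}jobportal_resumes WHERE id = %d",
        $id
    ) );
    if ( ! $row ) {
        wp_die( 'Not found', '', array( 'response' => 404 ) );
    }
    // Neither is_user_logged_in() nor an ownership check: any visitor who
    // supplies a valid id receives someone else's resume.
    demo_send_file( $row->file_path );
}

/**
 * Hardened pattern: authenticate, bind the lookup to the requester, and keep
 * the response for a foreign id indistinguishable from a missing one.
 */
function demo_hardened_resume_download() {
    global $wpdb;
    if ( ! is_user_logged_in() ) {
        wp_die( 'Authentication required', '', array( 'response' => 401 ) );
    }
    $id = absint( $_GET['resume_id'] ?? 0 );
    // The nonce stops a third-party page from triggering the download inside
    // the victim's browser session; the action name is hypothetical.
    if ( ! wp_verify_nonce( $_GET['_wpnonce'] ?? '', 'demo_resume_download_' . $id ) ) {
        wp_die( 'Invalid request', '', array( 'response' => 403 ) );
    }
    $table = $wpdb->prefix . 'jobportal_resumes';
    if ( current_user_can( 'manage_options' ) ) {
        // Site administrators may fetch any resume.
        $sql = $wpdb->prepare( "SELECT file_path FROM {$table} WHERE id = %d", $id );
    } else {
        // Everyone else only gets rows they own. The predicate lives in the
        // query, so a foreign id yields no row instead of a file.
        $sql = $wpdb->prepare(
            "SELECT file_path FROM {$table} WHERE id = %d AND user_id = %d",
            $id,
            get_current_user_id()
        );
    }
    $row = $wpdb->get_row( $sql );
    if ( ! $row ) {
        // 404 for both "does not exist" and "not yours", so the endpoint
        // cannot be used to confirm which ids are valid.
        wp_die( 'Not found', '', array( 'response' => 404 ) );
    }
    demo_send_file( $row->file_path );
}

/** Serve a stored file only if it resolves inside the uploads directory. */
function demo_send_file( $relative_path ) {
    $base = realpath( wp_upload_dir()['basedir'] );
    $full = realpath( $base . '/' . ltrim( $relative_path, '/' ) );
    // realpath() collapses "../" segments, so a path that escapes $base is refused.
    if ( false === $full || 0 !== strpos( $full, $base . DIRECTORY_SEPARATOR ) ) {
        wp_die( 'Not found', '', array( 'response' => 404 ) );
    }
    nocache_headers();
    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . basename( $full ) . '"' );
    header( 'Content-Length: ' . filesize( $full ) );
    readfile( $full );
    exit;
}
```

The same ownership predicate belongs in any listing path such as the one behind 'getallresumefiles()': a list already filtered by user_id cannot hand out keys that the download handler then has to reject. Collapsing "not found" and "not yours" into a single 404 is deliberate; a distinct 403 would turn the endpoint into an oracle for which ids exist.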

Impact

Successful exploitation lets an attacker download resumes belonging to other users without authorization. Resumes typically contain names, contact details and employment history, so the result is a privacy violation and unauthorized disclosure of personal information; because the file is selected by a key the attacker controls, the exposure is not limited to a single document.

Remediation

Update the WP Job Portal plugin to version 2.2.7 or a later patched release. After updating, confirm the fix by requesting a resume download without an authenticated session and checking that it is refused.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.6
impact: 2.5
exploitability: 7.1
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.