WP Job Portal Insecure Direct Object Reference Vulnerability Allowing Unauthenticated Logo Deletion

Vulnerability

A vulnerability exists in the WP Job Portal plugin for WordPress in all versions up to and including 2.2.6. The issue is an Insecure Direct Object Reference (IDOR) that allows unauthenticated attackers to delete arbitrary company logos. It arises in the deleteCompanyLogo() function, which does not properly validate the user-controlled key that identifies the logo to delete, so the function acts on whatever identifier the request supplies without checking that the caller is authenticated or owns the company the logo belongs to.
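
The general pattern behind this class of bug, shown as an added example rather than the plugin's own code: a WordPress AJAX handler that deletes whatever attachment ID the request names, followed by a hardened version. The action name `delete_logo`, the `company` post type, the `company_logo` meta key and the function names are hypothetical and assumed only for illustration.

```php
<?php
// Added example (not WP Job Portal's code). All names are hypothetical.

// VULNERABLE: the handler is registered for logged-out users as well, and
// the attachment ID taken from the request is used directly. Any visitor
// who guesses or enumerates an ID can delete that logo.
add_action( 'wp_ajax_nopriv_delete_logo', 'vuln_delete_company_logo' );
add_action( 'wp_ajax_delete_logo',        'vuln_delete_company_logo' );
function vuln_delete_company_logo() {
    $logo_id = (int) $_POST['logo_id'];   // user-controlled key, never checked
    wp_delete_attachment( $logo_id, true );
    wp_send_json_success();
}

// HARDENED: no *_nopriv hook, a CSRF nonce, and an ownership check that
// ties the deletion to a company the current user is allowed to edit.
add_action( 'wp_ajax_delete_logo', 'safe_delete_company_logo' );
function safe_delete_company_logo() {
    check_ajax_referer( 'delete_logo', 'nonce' );   // dies on a missing or invalid nonce

    $company_id = absint( $_POST['company_id'] ?? 0 );
    $company    = get_post( $company_id );
    if ( ! $company || 'company' !== $company->post_type ) {
        wp_send_json_error( 'unknown company', 404 );
    }

    // Authorization: the caller must own the company or hold edit rights on it.
    if ( (int) $company->post_author !== get_current_user_id()
         && ! current_user_can( 'edit_post', $company_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Resolve the logo from the server-side record, never from the request,
    // so a forged attachment ID cannot reach wp_delete_attachment().
    $logo_id = (int) get_post_meta( $company_id, 'company_logo', true );
    if ( $logo_id > 0 ) {
        wp_delete_attachment( $logo_id, true );
        delete_post_meta( $company_id, 'company_logo' );
    }
    wp_send_json_success();
}
```

The fix is not the nonce alone: a nonce stops cross-site request forgery but does nothing against a user who legitimately holds one and substitutes another company's identifier. The authorization check and the server-side lookup of the logo ID are what close the IDOR. To verify a patched site, send the delete request without any session cookie and confirm it is rejected, then repeat as a logged-in user against a company that user does not own and confirm the same.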

Impact

Exploitation of this vulnerability allows unauthorized deletion of company logos. Because no authentication is required, anyone who can reach the site can remove the logo of any company listed in the portal, disrupting the branding shown on company profiles and job listings. The advisory describes no impact beyond deletion of the logo files.

Remediation

Users are advised to update the WP Job Portal plugin to version 2.2.7, or a newer version, which patches the issue.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.6
impact: 0.6
exploitability: 7.1
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.