WP Job Portal Insecure Direct Object Reference Vulnerability Allowing Arbitrary Job Deletion

Vulnerability

A vulnerability exists in the WP Job Portal WordPress plugin, specifically in versions through 2.2.6. This issue is an Insecure Direct Object Reference (IDOR) that arises from inadequate validation of user-controlled keys in the 'jobenforcedelete' function. As a result, authenticated attackers with employer-level access or higher can delete arbitrary job postings.
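
The pattern behind this class of bug, as an added PHP example that is not the plugin's code: a delete handler that checks only the caller's role, beside one that also ties the requested job ID to the caller. The function names, role strings, in-memory job list and the rule that administrators may delete any job are assumptions made for illustration.

```php
<?php
// Constructed sample data: job id => user id of the employer who owns it.
function sample_jobs(): array {
    return [101 => 7, 102 => 7, 201 => 9];
}

// Hypothetical role gate shared by both handlers.
function can_manage_jobs(array $user): bool {
    return in_array($user['role'], ['employer', 'administrator'], true);
}

// Weak pattern: the role is checked, but the id taken from the request is
// used directly, so any employer can address any job.
function delete_job_unchecked(array &$jobs, array $user, $jobId): bool {
    $jobId = (int) $jobId;
    if (!can_manage_jobs($user) || !isset($jobs[$jobId])) {
        return false;
    }
    unset($jobs[$jobId]);
    return true;
}

// Hardened pattern: validate the id, then require that the job belongs to
// the caller (assumption: administrators may delete any job).
function delete_job_checked(array &$jobs, array $user, $jobId): bool {
    $jobId = filter_var($jobId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($jobId === false || !can_manage_jobs($user) || !isset($jobs[$jobId])) {
        return false;
    }
    $isOwner = $jobs[$jobId] === $user['id'];
    if (!$isOwner && $user['role'] !== 'administrator') {
        return false; // authenticated, but not authorized for this object
    }
    unset($jobs[$jobId]);
    return true;
}

// Employer 9 asks to delete job 101, which belongs to employer 7.
$employer = ['id' => 9, 'role' => 'employer'];
$weak = sample_jobs();
$hard = sample_jobs();
var_dump(delete_job_unchecked($weak, $employer, '101')); // unchecked handler
var_dump(delete_job_checked($hard, $employer, '101'));   // foreign job
var_dump(delete_job_checked($hard, $employer, '201'));   // caller's own job
```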

Impact

Exploitation of this vulnerability allows for unauthorized deletion of job postings by authenticated users with employer-level access or higher.

Remediation

Users are advised to update the WP Job Portal plugin to version 2.2.7 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.6
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.