WP Job Portal
cpe:2.3:a:wpjobportal:wp_job_portal:*:*:*:*:wordpress:*:*
- <= 2.4.0
A vulnerability allowing arbitrary file read has been identified in the WP Job Portal plugin for WordPress, affecting all versions through 2.4.0. The issue arises in the 'downloadCustomUploadedFile' function, where authenticated attackers with Subscriber-level access or higher can read the contents of arbitrary files on the server. This could lead to the exposure of sensitive information.
Exploitation of this vulnerability could result in unauthorized access to sensitive files on the server.
To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can use the 'downloadCustomUploadedFile' function to request and download arbitrary files from the server. The vulnerability can be exploited by manipulating the file name parameter to access files outside of the intended directory.
No known patch is available. It is recommended to uninstall the affected plugin and find a replacement.
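The containment check that a download handler of this kind needs, shown as an added example rather than code from the plugin: the requested name is refused if it carries any path component, and the resolved path must still sit inside the upload directory. The function name `resolve_download_path`, the directory layout and the sample files are hypothetical.

```php
<?php
// Added example; hypothetical helper, not code from WP Job Portal.
// Returns the real path of $requestedName inside $baseDir, or null to refuse.
function resolve_download_path(string $baseDir, string $requestedName): ?string
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return null; // upload directory missing or unreadable
    }
    // A download name is a single path component: no separators, no NUL byte.
    foreach (['/', '\\', "\0"] as $bad) {
        if (strpos($requestedName, $bad) !== false) {
            return null;
        }
    }
    if (in_array($requestedName, ['', '.', '..'], true)) {
        return null;
    }
    // realpath() resolves symlinks and returns false when the file is absent.
    $resolved = realpath($base . DIRECTORY_SEPARATOR . $requestedName);
    if ($resolved === false || !is_file($resolved)) {
        return null;
    }
    // Containment check on the resolved path, so a symlink cannot escape.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($resolved, $prefix, strlen($prefix)) === 0 ? $resolved : null;
}

// Constructed demo data in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/uploads', 0700, true);
file_put_contents($root . '/uploads/resume.pdf', 'constructed sample');
file_put_contents($root . '/secret.txt', 'outside the upload directory');

foreach (['resume.pdf', '../secret.txt', '..', 'missing.pdf'] as $name) {
    $path = resolve_download_path($root . '/uploads', $name);
    printf("%-14s => %s\n", $name, $path === null ? 'refused' : 'served');
}
```

In a WordPress handler this path check belongs next to a `current_user_can()` capability check and a per-file ownership check, since the advisory notes that Subscriber-level access is enough to reach the function.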