cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12131,https://securityvulnerability.io/vulnerability/CVE-2024-12131,Insecure Direct Object Reference in WP Job Portal Plugin for WordPress,"The WP Job Portal plugin for WordPress contains a vulnerability that allows authenticated users, with Subscriber-level access and higher, to manipulate requests and submit resumes on behalf of other users. This weakness arises due to insufficient validation on a user-controlled key, potentially compromising the integrity of applicant information. All versions of the plugin prior to 2.2.6 are affected, providing a significant security risk for recruitment systems leveraging this widely used plugin.",Wordpress,WP Job Portal – A Complete Recruitment System For Company Or Job Board Website,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-07T12:43:40.934Z,0
CVE-2024-11712,https://securityvulnerability.io/vulnerability/CVE-2024-11712,Unauthorized Access to User Resumes through Missing Capability Check,"The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to download other users resumes.",Wordpress,WP Job Portal – A Complete Recruitment System For Company Or Job Board Website,5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-12-14T06:45:16.858Z,0
CVE-2024-11710,https://securityvulnerability.io/vulnerability/CVE-2024-11710,SQL Injection Vulnerability in WP Job Portal Plugin Allows Attackers to Extract Sensitive Information from Database,"The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'fieldfor', 'visibleParent' and 'id' parameters in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",Wordpress,WP Job Portal – A Complete Recruitment System For Company Or Job Board Website,4.9,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2024-12-14T06:45:16.471Z,0
CVE-2024-11711,https://securityvulnerability.io/vulnerability/CVE-2024-11711,SQL Injection Vulnerability in WP Job Portal Plugin,"The WP Job Portal plugin for WordPress is susceptible to SQL Injection, specifically through the 'resumeid' parameter. This vulnerability exists in all versions up to and including 2.2.1, primarily due to inadequate escaping of user-supplied input and inadequate preparation of SQL queries. Attackers, even those without authentication, could potentially inject additional SQL queries into existing ones, allowing access to and extraction of sensitive data from the database. Website administrators utilizing this plugin should take immediate action to mitigate the risk associated with this vulnerability.",Wordpress,WP Job Portal – A Complete Recruitment System For Company Or Job Board Website,7.5,HIGH,0.0006399999838322401,false,,false,false,false,,false,false,2024-12-14T06:45:16.039Z,0
CVE-2024-11714,https://securityvulnerability.io/vulnerability/CVE-2024-11714,SQL Injection Vulnerability in WP Job Portal plugin,"The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",Wordpress,WP Job Portal – A Complete Recruitment System For Company Or Job Board Website,4.9,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2024-12-14T06:45:15.610Z,0
CVE-2024-11713,https://securityvulnerability.io/vulnerability/CVE-2024-11713,SQL Injection Vulnerability in WP Job Portal Plugin Allows Attackers to Extract Sensitive Information,"The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'page_id' parameter of the wpjobportal_deactivate() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",Wordpress,WP Job Portal – A Complete Recruitment System For Company Or Job Board Website,4.9,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2024-12-14T06:45:15.220Z,0
CVE-2024-11715,https://securityvulnerability.io/vulnerability/CVE-2024-11715,Unauthorized Access Vulnerability in WP Job Portal Plugin,"The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to elevate their privileges to that of an employer.",Wordpress,WP Job Portal – A Complete Recruitment System For Company Or Job Board Website,4.8,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-12-14T06:45:14.790Z,0
CVE-2024-7950,https://securityvulnerability.io/vulnerability/CVE-2024-7950,Vulnerabilities in WP Job Portal Plugin Could Allow Attacks,"The WP Job Portal plugin for WordPress is susceptible to Local File Inclusion vulnerabilities that allow unauthorized attackers to include and execute arbitrary files on the server. This is achieved through several functions invoked by the 'checkFormRequest' function, making it possible to execute PHP code within those files. Additionally, the vulnerability facilitates bypassing of access controls, exposing sensitive data, and arbitrary settings updates, including the creation of user accounts with default Administrator roles, even when user registration is disabled. This poses significant risks for WordPress installations utilizing the affected plugin versions.",Wordpress,WP Job Portal – A Complete Recruitment System For Company Or Job Board Website,9.8,CRITICAL,0.0013800000306218863,false,,false,false,false,,false,false,2024-09-04T02:33:48.311Z,0
CVE-2023-4490,https://securityvulnerability.io/vulnerability/CVE-2023-4490,WP Job Portal < 2.0.6 - Unauthenticated SQLi,"The WP Job Portal plugin for WordPress prior to version 2.0.6 has a serious security flaw that allows unauthenticated users to perform SQL injection attacks. This vulnerability arises due to failure to properly sanitize and escape a user-controlled parameter that is used in a SQL statement. As a result, attackers can potentially manipulate database queries, leading to unauthorized data access and exploitation of the web application.",Wordpress,WP Job Portal,9.8,CRITICAL,0.0030499999411404133,false,,false,false,false,,false,false,2023-09-25T16:15:00.000Z,0