Insecure Direct Object Reference in WP Job Portal Plugin for WordPress
CVE-2024-12131

4.3MEDIUM

Key Information:

Vendor: Wordpress
Status: WP Job Portal – A Complete Recruitment System For Company Or Job Board Website
Vendor: CVE Published:; 7 January 2025

Summary

The WP Job Portal plugin for WordPress contains a vulnerability that allows authenticated users, with Subscriber-level access and higher, to manipulate requests and submit resumes on behalf of other users. This weakness arises due to insufficient validation on a user-controlled key, potentially compromising the integrity of applicant information. All versions of the plugin prior to 2.2.6 are affected, providing a significant security risk for recruitment systems leveraging this widely used plugin.

Affected Version(s)

WP Job Portal – A Complete Recruitment System for Company or Job Board website * <= 2.2.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/wp-job-portal/...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 7, 2025
Vulnerability Reserved
Dec 4, 2024

Credit

Apostolos Sakellariou