Directory Traversal Vulnerability in Jobs for WordPress Plugin by WordPress
CVE-2025-1310
6.5MEDIUM
What is CVE-2025-1310?
The Jobs for WordPress plugin is susceptible to Directory Traversal vulnerabilities in all versions up to 2.7.11 via the 'job_postings_get_file' parameter. This flaw allows authenticated users, who have Subscriber-level access or higher, to exploit the plugin to read sensitive files on the server. Such access can expose personal data or other critical configuration information, posing a significant security risk.
Affected Version(s)
Job Postings * <= 2.7.11